#2 TimeStamp Verification does not work

closed-fixed
None
5
2007-01-10
2006-11-04
olddog55
No

As of 4 Nov 2006, my personal 'User Profile' page is
showing:

Time Check: Last check: Feb 14th 2006. Offset: 0 seconds.

This despite a daily cron job firing off a 'wget
https://secure.dshield.org/timestamp.php' query. I
have also manually accessed the timestamp verification
page.

I have verified that TCP packets in the range
10000-10100 are being received from 65.173.218.95 and
are being reported to dshield.

For further specific details, please contact me directly.

Discussion

  • olddog55
    olddog55
    2006-11-04

    Logged In: YES
    user_id=1407933

    After some further checking:

    The DShield 'Time Stamp' page states "The packet will
    originate from 65.173.218.74"

    I have been seeing the packets originate from 65.173.218.95,
    .96, & .97.

    All TCP and all in the destination port range 10000-10100

     
    • assigned_to: nobody --> dshield
     
  • Logged In: YES
    user_id=113733

    Could you please email your dshield account e-mail and or
    userid to jullrich @ sans.org?

    The packet may come from various hosts in the
    65.173.218.0/24 network.

     
  • Tom
    Tom
    2006-11-09

    Logged In: YES
    user_id=1537780

    I am also seeing this problem.

    I login to my account, goto the profile page, scroll down to
    "Time Check" and click on the time check link. I receive a
    packet from the correct IP range to my IP and the port
    listed on the test page. The packet is being logged by my
    system and is included in my daily reports to DShield.

    I am not receiving the time check email from DShield, and
    the check is not being updated on my profile page.

    I will be glad to supply any further information needed to
    correct this problem.

     
  • Old_Crow
    Old_Crow
    2006-11-29

    Logged In: YES
    user_id=1650304
    Originator: NO

    This seems to be a general problem. I'm receiving daily automatic time-check 'pings' which are apparently always from 65.173.218.96 and duly returning the log report, but no time-check verification appears to take place as a result. Checking that particular source IP on DShield's own ipinfo lookup reveals some 17500 'attacks' on 201 targets on ports 10000->10099 in the last 29 days, so it seems that these 'ping' reports are not being reliably intercepted by DShield time-check processing. It also amounts to 3/day/target which doesn't seem to add up as I'm only receiving/reporting one per day currently.

    Tony

     
  • olddog55
    olddog55
    2007-01-06

    Logged In: YES
    user_id=1407933
    Originator: YES

    Update Info: The ISC/DShield web sites are undergoing major software revisions 06-07jan2007.
    <quote JUllrich>
    At first, most of the changes will be to the design and the backend
    code, so there will not be many new/exciting features. But with the new
    backend, it will be easier to roll out new features (and fix some of the
    old bugs with fightback and the timestamp)
    </quote>

    So it looks like progress is being made... :-)

     
    • status: open --> closed-fixed