#3 TimeCheck reports my time zone may be wrong

closed-fixed
None
5
2007-01-10
2006-11-05
Mark_C
No

DShield sends me an email like so:
> You visited the DShield server's timestamp page. We
compared the
> logs you submitted with our records and found the
following times:
>
> Our Time: 2006-10-27 00:49:29 UTC
> Your Time: 2006-10-27 13:49:28 UTC
>
> Looks like your time zone may be wrong. Please
double check your
> setting. All data is converted to UTC (=GMT) before
importing it into
> the database. GMT doesn't know a 'summer'
or 'daylight savings' time.

I've checked carefully, and my submitted date/times
seem to be correct.
I think the error email I am getting from DShield is
bogus.

If I visit the 'update your profile' page, it says:
Time Check: Last check: Nov 1st 2006. Offset: 46798
seconds.
(46800 seconds being 13 hours = my time zone.)

If I visit:
https://secure.dshield.org/timestamp.php
it says:
Your IP address: 60.x.x.x
Packet sent to port 10093
Current Server Time: 01:18:20 Sun Nov-05-2006 UTC

I see the following in my firewall log:
1,[05/Nov/2006 14:18:20] Rule 'Block & Log Incoming':
Blocked: In TCP, (null) [65.173.218.95:55222]-
>localhost:10093, Owner: no owner

If I convert my log file and send myself a test email,
I see:
(Email Subject) FORMAT DSHIELD USERID xxxxxxxx TZ
+13:00 CVTWIN (<Firewall Brand>) 1.2.48
...
2006-11-05 14:18:20 43753461 1 65.173.218.95 55222
60.x.x.x 10093 TCP
...

I am using the standard CVTWIN.exe program, and am NOT
using the ForceTZ option in CVTWIN.ini.
Both the TZ and WinTZ options stored in CVTWIN.ini are
correct (+13).

Note: Date/times in the email I submit are in my local
timezone (NZDT/+13), AND/BUT my timezone is included
in the subject line of the email, which I presume
should allow DSheild to adjust the email date/times to
UTC.

DShield should be able to take the time from my
submitted log (2006-11-05 14:18:20) subtract my
timezone in the subject line of the email (+13) and
come up with the same UTC time of the timecheck (2006-
11-05 01:18:20 UTC).
But it seems that it is not.

(If I *do* have a config problem my end, please help
me fix it!)

(email address and DShield UserID sent to jullrich.)

Discussion

  • Johannes Ullrich

    • assigned_to: nobody --> dshield
     
  • Mark_C

    Mark_C - 2006-12-10

    Logged In: YES
    user_id=1637918
    Originator: YES

    Ah!...

    Line 1935 of Parsers.bas reads like so:
    AlertDate = f2(2) + "-" + f2(1) + "-" + f2(0) + " " + f1(1) ' + " " + TZ
    (This is for: Case Is = "Tiny Personal Firewall", "Kerio Personal Firewall")

    Note the ... ' ... character commenting out the addition of the TimeZone to the date/time.

    Presumably this was commented out because it was decided that Kerio PFW and Tiny PFW used UTC date/time in their log files.
    I use Kerio Personal Firewall 2.1.5, which uses local date/time in the log.

    Could we (I) have another selectable IDS value of either:

    Kerio Personal Firewall 2
    Kerio Personal Firewall (log has local time)

    Or a cvtwin.ini option to add the TZ?

    Or (if appropriate) uncomment the code to add the TZ (presumably this may break other versions).

    Thanks.

     
  • Mark_C

    Mark_C - 2006-12-15

    Logged In: YES
    user_id=1637918
    Originator: YES

    PS: It's not pretty, but I do now have a hack/workaround, and I am now sending TZ in the body of the email. (Hopefully my TimeCheck offset will shortly come right...)

     
  • Johannes Ullrich

    • status: open --> closed-fixed
     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks