[RndTbl] MTS blocking NTP
trevor at tecnopolis.ca
Sat Jan 26 02:44:28 CST 2019
On 2019-01-25 Adam Thompson wrote:
> IIRC a handful of "important" NTP servers are whitelisted, e.g.
> time.windows.com and the equivalent from Apple. The source port

I tried time.windows.com as a first check; no dice. No major NTP
server I can think of goes through.

> limitation is specifically because only full-fledged NTP server
> implementations were vulnerable, and they must by definition use port
> 123. The block only exists for ADSL/VDSL/FTTH customers AFAIK.
> Business fibre and SHDSL customers are expected to run firewalls that
> work. -Adam

The customer is VDSL business, low-ish end plan, but not fibre. Yes,
one would think they'd not block 123 for business. This plan does *not*
block SMTP port 25. What a strange world MTS dwells in that 25 is
open but 123 is not.

On 2019-01-25 John Lange wrote:
> Might be worth going through the pain of opening a ticket to see if
> you can get an official answer. I believe the CRTC regulations
> prevent them from arbitrarily manipulating, blocking, or shaping the
> network traffic without disclosing what they are doing.

The staff will contact MTS so we'll see. I did find a web page that
showed all the ports MTS blocks, and 123 wasn't on there. Probably out
of date though (still said MTS). As for ISP companies not blocking
without disclosing... wouldn't hold my breath on that one.

On 2019-01-25 Gilles Detillieux wrote:
> I had an issue with NTP port 123 being blocked when switching from
> MTS's phone-line based ADSL service to their fibre based "VDSL"
> service several years ago (well before the Bell takeover). Colin is

Ah, that might be it! It may not have broken when Bell took over, it
may have broken when the company switched to VDSL. It was around the
same time I think (give or take 2 years, grin). Weird I didn't notice
until now... I guess the RTCs were so good it took this long to lose a
whole 1-2 minutes and cause me to notice.

> Apparently the only solution is to use MTS's own NTP server. I think
> it's ntp.mts.net, but I'm not at home now so I can neither check my

ntp.mts.net also does not work. If you do have their official NTP
server name somewhere, please dig it up for me as that would be super
handy if they decide to block my current workaround trick too!