My home internet configuration consists of a Mikrotik router connected to a D-Link DSL-2500U ADSL router (configured in bridge mode) which in turn is connected to my ADSL line. The Mikrotik handles my PPPoE connection and also my firewall. I basically use the D-Link as a simple ADSL modem. These are cheap and small. If the lightning wipes it out, I can simply buy a new one.
From the mikrotik router I push all logs to rsyslogd that runs on my HP microserver. This allows me to have a longer history of the network events. I have also enabled remote logging the modem, however whenever the power cycles, the time reset to [whatever default state]. This creates inaccurate logs. I have no idea when the line dropped and came back up again. It was hard to believe that this modem does not have some sort of NTP. I browsed through all of the options on the web interface with no luck of finding the NTP option.
Enter portscan
PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80/tcp open http
This is interesting... telnet port is open... Connecting to it I get a login request, using the modem's login details I am able to login.
Typing help a bunch of commands are returned, one of which is sntp. BINGO!!
Login: admin Password: > help ? help logout reboot adsl atm brctl cat ddns df dumpcfg echo ifconfig kill arp defaultgateway dhcpserver dns lan passwd ppp remoteaccess restoredefault route save swversion wan usbtest macaddr allledon allledoff keyteston keytestoff ping ps pwd macaddr siproxd sntp sysinfo tftp >
The sntp command returns
> sntp
sntp -s server [ -s server2 ] -t "timezone"
disable
date
zones
>sntp zones --help
Timezones supported:
International Date Line West
Midway Island, Samoa
Hawaii
Alaska
Pacific Time, Tijuana
Arizona
Chihuahua, La Paz, Mazatlan
Mountain Time
Central America
Central Time
Guadalajara, Mexico City, Monterrey
Saskatchewan
Bogota, Lima, Quito
Eastern Time
Indiana
Atlantic Time
Caracas, La Paz
Santiago
Newfoundland
Brasilia
Buenos Aires, Georgetown
Greenland
Press for more.
Mid-Atlantic
Azores
Cape Verde Is.
Casablanca, Monrovia
Greenwich Mean Time: Dublin, Edinburgh, Lisbon, London
Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
Belgrade, Bratislava, Budapest, Ljubljana, Prague
Brussels, Copenhagen, Madrid, Paris
Sarajevo, Skopje, Warsaw, Zagreb
West Central Africa
Athens, Istanbul, Minsk
Bucharest
Cairo
Harare, Pretoria
Helsinki, Kyiv, Riga, Sofia, Tallinn, Vilnius
Jerusalem
Baghdad
Kuwait, Riyadh
Moscow, St. Petersburg, Volgograd
Nairobi
Tehran
Abu Dhabi, Muscat
Press for more.
Baku, Tbilisi, Yerevan
Kabul
Ekaterinburg
Islamabad, Karachi, Tashkent
Chennai, Kolkata, Mumbai, New Delhi
Kathmandu
Almaty, Novosibirsk
Astana, Dhaka
Sri Jayawardenepura
Rangoon
Bangkok, Hanoi, Jakarta
Krasnoyarsk
Beijing, Chongqing, Hong Kong, Urumqi
Irkutsk, Ulaan Bataar
Kuala Lumpur, Singapore
Perth
Taipei
Osaka, Sapporo, Tokyo
Seoul
Yakutsk
Adelaide
Darwin
Press for more.
Brisbane
Canberra, Melbourne, Sydney
Guam, Port Moresby
Hobart
Vladivostok
Magadan, Solomon Is., New Caledonia
Auckland, Wellington
Fiji, Kamchatka, Marshall Is.
>
Using this, it is easy to setup the NTP client to query the Mikrotik/HP microserver for time when booting up.
Extra
Recently I watched the youtube video, DEF CON 22 - Shahar Tal - I Hunt TR-069 Admins: Pwning ISPs Like a Boss (https://www.youtube.com/watch?v=rz0SNEFZ8h0). The technique he uses to get to the TR-069 page (which is hidden) of the router made me wonder if my modem has this feature and what the values might be.
So looking at the menu frame of the web interface's source reveals a bunch of interesting things
<html>
<head>
<html><head>
<meta http-equiv='Pragma' content='no-cache'>
<link rel=stylesheet href='stylemain.css' type='text/css'>
<link rel=stylesheet href='colors.css' type='text/css'>
<script language='javascript' src='menuTree.js'></script>
<script language='javascript' src='menuTitle.js'></script>
<script language='javascript' src='menuBcm.js'></script>
<title></title>
<base target="_self">
</head>
<body class='mainMenuBody' topmargin="0" leftmargin="0" marginwidth="0" marginheight="0">
<table border="0" cellpadding="0" cellspacing="0" height="1000">
<tr>
<td style="background-color: #CC6906" width="1"></td>
<td class='menu' width="158" valign="top" align="left">
<br>
<script language='javascript'>
<!-- hide
var options = new Array('admin',
'annex_a',
'Bridge',
'0',
'0',
'0',
'',
'',
'0',
'1',
'1',
'1',
'1',
'1',
'1',
'1',
'1',
'false',
'0',
'0',
'', //SUPPORT_SES
'0',
'0',
'0',
'',
'1',
'false',
'0',// value-added usb-storage
'0',
'0'
);
createBcmMenu(options);
initializeDocument();
// done hiding -->
</script>
<noscript>You must enable JavaScript in your browser.</noscript>
</td>
<td style="background-color: #CC6906" width="1"></td>
<td style="background-color: #ffffff"></td>
</tr>
</table>
</body>
</html>
Opening the menuBcm.js shows the option values, and browsing through the code I found the TR-069 page (tr69cfg.html), as well as the NTP page (sntpcfg.html).
if ( sntp == '1' && proto != 'Bridge' && !(proto=='PPPoE' && ipExt=='1') && !(proto=='PPPoA' && ipExt=='1') ) insFld(nodeMngr, gFld(getMenuTitle(MENU_SNTP), 'sntpcfg.html'));
However looking at the code it seems that this menu item is only displayed when the device is not in bridge mode (the mode I am using it in) and if a PPPoE/PPPoA interface has been configured and that the interface has an external IP address.
This is just stupid, so I browse to http://192.168.1.1/sntpcfg.html and I can directly modify my values from there :)
