PoE-powered NTP Display

As you might have noticed, I am playing a lot with NTP these days. Having a networking background I also like Power over Ethernet. So what’s more obvious than using a PoE-powered NTP display for test purposes? ;D

This article is one of many blogposts within this NTP series. Please have a look!

Let’s have a look at the Meinberg OnTime LED NTP Display. It’s a quite big 7-segment LED display that has only one single interface: the Ethernet port. Nice. Plugging it into a PoE switch it boots up, gets an IPv4 address via DHCP and leverages SNTP to a predefined NTP server (by DNS name) to get the time. Every 60 minutes it refreshes its time from that server again. Quite simple.

I am using this NTP display in two of my recurring network and security training:

  1. NTP/NTP-Security: When I want to show how easy an attacker can spoof NTP packets by a MITM attack. Or that this IoT device will accept any time, no matter how far it drifts from the actual time since it has no built-in real-time clock to compare with.
  2. Network basics training: It’s a perfectly easy use case for basic network protocols: DHCP, DNS, NTP. Nice for live capturing with Wireshark.

Configuration

Though the display works out of the box, you may want to configure a couple of things. Two configuration methods are possible: Either via Telnet (uh, yes, Telnet; no SSH available) by using a classical CLI, or via custom DHCP options. While you can do some more stuff with Telnet, the DHCP based approach perfectly fits when you have a couple of those NTP clocks and want to provide basic settings such as the NTP server to use, the timezone, daylight saving time, or 24-hour mode.

The CLI offers some more options. It is quite simple as well. Only a couple of commands such as help, sntp (to set the NTP server), ipconfig (to set the IPv4 address), stats, dhcpconfig (to see the overrides by DHCP options), or config (to see the complete configuration). Following is the “config” output, which gives a glance about all options:

 

Sample Run

What I love about this clock is its easy usability:

And by the way: It consumes about 6 Watts.

Disabling Telnet

Oh yeah, at least there is a “disabletelnet” command. This greatly improves security. Without any confirmation the command immediately worked:

After some tests that telnet is indeed disabled, I wanted to enable it again. But how? Nothing in the documentation. Finally, I found how to reenable it on the Novanex support site, stating: “Return the clock to Inova Solutions where we can perform a factory reset for you for a support charge, or contact technical support.” Hence I opened a support ticket and here is how you can factory reset the device:

To perform the factory reset of a v2 clock, open the case with four screws, then power-up the clock by inserting the PoE cable, and when the clock has finished booting, press the reset button on the circuit board and hold it for about 15 seconds until the clock reboots. This should be done with static protection in mind as the circuit board components can be damaged by static discharge.

To my mind, this is a good solution to keep the clock tamper-proof, since it will probably reside in a public location. No single button/switch at the clock at all, while no single IP connection to it, as well.

Wireshark

As already pointed out, I am using this clock for demo purposes during my network and/or NTP talks. You don’t have that many disturbing packets on it, but only a very straightforward run of DHCP, DNS, and NTP. (And probably some STP and LLDP packets from the switch itself.) That’s why it’s easy for beginners to have a look at live packet captures.

This is what the bootup looks like: (Though there is a small error in waiting only 1 second for DNS to reply, while any packets after that second are “port unreachables”.)

After that, every hour a single NTP request is sent (default setting). That’s it.

Portscan with Nmap

After I disabled Telnet I did a basic Nmap scan to check if there are some (hidden) opened ports. No single one was found. Good. Details:

 

No IPv6, no SSH

Just to say it again: This clock does not support IPv6 nor SSH. Definitely not what I am expecting these days. Ok, it’s an IoT device. Hence, I actually was expecting it. ;)

However, I’m quite happy with this clock. It perfectly fits my use case and a lot of people respond to that.

Disclosure: I received this product free of charge in order to test and review it. I was not restricted or influenced in any way to ensure an honest and unbiased test.
Photo by Gian D. on Unsplash.

1 thought on “PoE-powered NTP Display

Leave a Reply

Your email address will not be published. Required fields are marked *