Why does Lumi ViewPoint connect to ntp.pool.org?

This is how we verify the licence time on the USB Receiver and the validated licence

How do we know this cannot be exploited?

We contact the array of NTP servers by sending a very short 16 byte UDP message to pool.ntp.org requesting the current date/time. The 48 bytes returned are immediately interpreted, date extracted, and the message thrown away.

What sort of measures are done to protect us as a user of the software?

No other data is transferred to pool.ntp.org other than the 16 byte date/time request. The returned message is only used to extract the current date/time and validate your licence is valid.

Do you validate the time brought back?

Yes. We expected the return data to be a decimal number which represents the current date time. Only 48 bytes are accepted as a return response. Any other data is rejected. Any data that is not a decimal number is rejected.

Is the field limited in length?

Yes. Only 48 bytes are accepted as a response.


Reviewed and Approved by Global Support 09/01/23