Accessing Hikvision Cameras Inside Firewall Backdoor

barkster

Aug 28, 2015
I was at a client's house where I have 12 cameras and am using Milestone for the NVR. The only port I have opened up was for Milestone, 8081, and I was looking at their Xfinity xFi account, which has a mild firewall, and it showed about 100 attempts to access some of the Hikvision cameras remotely from all kinds of countries, but I'm trying to figure out how if the ports aren't open. I read there was a backdoor to these cameras, but still, without ports being open, I'm wondering how they are doing it. I'm sure some of these are black-market China versions, so I'm assuming they have something built in that is advertising it. Anyone else seen this?
 
I'm trying to figure out how if the ports aren't open.
Perhaps they were not explicitly opened by manually configuring the router, but were automatically opened by UPnP being enabled on both the cameras and the router.

Check for any inbound ports using the full port scan (not the UPnP scan) from here: GRC | ShieldsUP! — Internet Vulnerability Profiling
You might be surprised at what you see.
Then access the router's and cameras' web GUIs and disable UPnP if it is enabled.
 
I was thinking about UPnP, but I've never seen that option in the camera. I will look again. Thanks.
 
In Hikvision cameras, UPnP is usually enabled by default.
Check the inbound access first using ShieldsUp! before changing anything.
Then you will be able to see the before and after.
And also check the router; it needs to be enabled there also.
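
One way to audit what a router has opened over UPnP, as an added example that is not part of the thread: it parses GetGenericPortMappingEntry SOAP replies (the UPnP IGD WANIPConnection:1 action that lists mappings) and flags enabled forwards that reach a camera or were never intended. The replies, addresses, ports and function names are constructed for illustration, and fetching live replies from the router is left out.

```python
import xml.etree.ElementTree as ET

ENVELOPE = (  # shape of a WANIPConnection:1 GetGenericPortMappingEntry reply
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
    '<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
    '<NewRemoteHost/><NewExternalPort>{ext}</NewExternalPort><NewProtocol>{proto}</NewProtocol>'
    '<NewInternalPort>{port}</NewInternalPort><NewInternalClient>{ip}</NewInternalClient>'
    '<NewEnabled>{on}</NewEnabled><NewPortMappingDescription>{desc}</NewPortMappingDescription>'
    '<NewLeaseDuration>0</NewLeaseDuration></u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>')

# Constructed sample replies; addresses, ports and descriptions are made up.
SAMPLE = [ENVELOPE.format(ext=e, proto=p, port=i, ip=a, on=o, desc=d) for e, p, i, a, o, d in [
    (8081, "TCP", 8081, "192.168.1.10", 1, "nvr"),          # the one forward set up on purpose
    (8000, "TCP", 8000, "192.168.1.64", 1, "camera-a"),     # camera asked the router for this
    (554, "TCP", 554, "192.168.1.65", 1, "camera-b"),
    (9000, "TCP", 9000, "192.168.1.66", 0, "camera-old"),   # present but disabled
    (3074, "UDP", 3074, "192.168.1.50", 1, "console"),      # non-camera device
]]
WANTED = {"NewExternalPort", "NewProtocol", "NewInternalPort", "NewInternalClient", "NewEnabled"}

def parse_mapping(soap_xml):
    """Return the mapping fields from one SOAP reply, ignoring XML namespaces."""
    fields = {}
    for el in ET.fromstring(soap_xml).iter():
        name = el.tag.rsplit("}", 1)[-1]
        if name in WANTED:
            fields[name] = (el.text or "").strip()
    if WANTED - set(fields):
        raise ValueError("incomplete port mapping reply")
    return fields

def audit(replies, camera_ips, intended):
    """List enabled mappings that reach a camera or were never intended."""
    findings = []
    for reply in replies:
        m = parse_mapping(reply)
        key = (int(m["NewExternalPort"]), m["NewProtocol"])
        if m["NewEnabled"] != "1":
            continue  # a disabled entry forwards nothing
        reasons = [text for hit, text in (
            (m["NewInternalClient"] in camera_ips, "forwards to a camera"),
            (key not in intended, "not an intended forward")) if hit]
        if reasons:
            findings.append((key, m["NewInternalClient"], reasons))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE, {"192.168.1.64", "192.168.1.65", "192.168.1.66"}, {(8081, "TCP")}):
        print(f)
```

An empty result for the camera addresses after UPnP is switched off is the "after" to compare against the external port scan.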
 
1) Junk Xfinity for your router, use it as a modem, place the Xfinity in passthru mode.
2) Get a good-quality router that supports OpenVPN (some Asus routers and other brands).
3) Use only VPN to access your network.
4) Block the MAC address of all cameras at the router.

A side note on Xfinity: if you are under attack, Xfinity will charge you for the traffic. I normally use about 350 GB per month. Last month I used more than 1.5 TB. They tried to charge $10 for 50 GB over 1 TB. Last night I used 10 GB with the modem plugged in and the router unplugged. Xfinity has yet to provide any useful information on how they calculate traffic and why they do not prevent attacks.

I have yet to talk to a knowledgeable Xfinity network engineer.