TL1096r
IPCT Contributor
- Joined
- Jan 28, 2017
- Messages
- 1,223
- Reaction score
- 465
Ok, using arris router - what area on this router would I need to go to block this.
Dahua Backdoor Uncovered
- Thread starter Zeddy
- Start date
nayr
IPCT Contributor
RTFM?
TL1096r
IPCT Contributor
- Joined
- Jan 28, 2017
- Messages
- 1,223
- Reaction score
- 465
figured.I do not have access to the actual router, it is all done through ISP website.
Where is the general area to block the traffic to this device?
I would love to have actual access to the router settings but from what I can guess from reading what my ISP allows it seems so they want to control everything on their end to avoid any PoD/DoS and they block all common ports that are normally vulnerable to hackers. They allow some settings like port forwarding to setup a VPN and DMZ Host.
thanks
Last edited:
nayr
IPCT Contributor
then slap your own router/firewall up inbetween it and your LAN and configure it to be a DMZ host
fenderman
Staff member
- Joined
- Mar 9, 2014
- Messages
- 36,901
- Reaction score
- 21,269
You wont be able to with your unmanaged switches...
That's why I purchased the managed as well, I'll know which one to return now
My setup is going to include a Netgear 8-Port Web-managed Switch and a Zyxel 8-Port PoE+ Managed Switch
My setup is going to include a Netgear 8-Port Web-managed Switch and a Zyxel 8-Port PoE+ Managed Switch
Same here, would be best to be able to troubleshoot a problem for ourselves.
Same with VPN, they do a great job explaining but you have to use google/youtube to find a lot of information.
When I installed my Reolink it was sending information to China it seemed, I turned off some settings and I have not seen the IP popup any longer.
I wonder if Dahua has a backdoor how many others have it but not yet discovered? I feel reolink would have this issue.
I know nayr is all protected from one of his post but wondering if he can look into his models and if he can find out any issues.
TL1096r
IPCT Contributor
- Joined
- Jan 28, 2017
- Messages
- 1,223
- Reaction score
- 465
yes but there are newbies who won't do this, I am still uncertain how to block the camera, if I block with firewall we are unable to use the software that comes with it to view camera on the computer, must look, it was a long shot but thought someone who be able to point me in the right direction. thanks
nayr
IPCT Contributor
IMHO, if you dont have a router capable of running a VPN Server then you have no business using Video Surveillance or any IoT devices remotely.. either get suitable router/firewall/vpn server or get hacked and end up being a weapon on the internet.. its really that simple
Read the VPN Primer for Noobs
Understanding basic network security is a mandatory requirement with this technology; either educate your self or you'll be safer without it.
Read the VPN Primer for Noobs
Understanding basic network security is a mandatory requirement with this technology; either educate your self or you'll be safer without it.
hmjgriffon
Known around here
You can buy a router that is pretty simple to use where you just click a few things and you're off to the races. If you spend hundreds of dollars on cameras but can't spend $100 give or take on a good router with vpn built in, you got problems.
@nayr and @hmjgriffon....
Just so everyone is clear regarding VPN....if you have a VPN set up on your router and no ports forwarded and nothing in the individual camera settings (like UPnP, P2P, whatever that company wants to use) are you pretty much safe from the camera being able to communicate to the outside world or do you still need to VLAN it off or set up FW rules to block ALL outbound traffic? For example, I know in most cameras under network config there are places for IP address, Default gateway, and DNS addresses....I know it's a must to have the IP address set up and the default gateway but can you leave the DNS stuff blank or maybe it won't let you not sure...just thinking of ways the cam could get outside your network.
Just so everyone is clear regarding VPN....if you have a VPN set up on your router and no ports forwarded and nothing in the individual camera settings (like UPnP, P2P, whatever that company wants to use) are you pretty much safe from the camera being able to communicate to the outside world or do you still need to VLAN it off or set up FW rules to block ALL outbound traffic? For example, I know in most cameras under network config there are places for IP address, Default gateway, and DNS addresses....I know it's a must to have the IP address set up and the default gateway but can you leave the DNS stuff blank or maybe it won't let you not sure...just thinking of ways the cam could get outside your network.
hmjgriffon
Known around here
if its connected to an NVR, its already on its own vlan and I don't think cameras themselves can talk to anything else, you don't have to have a seperate vlan, if your firewall will let you block individual IPs, if not then you need a vlan and to block it. there's lots of ways to do it.
No, in my particular case I don't run an NVR...I just have the cameras recording to BI on a Windows pc. I will log into my "consumer grade" router tonight and see if in the FW section it allows you to block certain IP's from communicating to the outside world. If so, then I will just have to list all my cams or range of IP addresses and then maybe try to run some network software to see if that works. Anyway, thanks for the assistance.
alastairstevenson
Staff member
Sorry, but that's not a good assumption - the 'Virtual Host' feature on Hikvision NVRs implicitly enables the Linux kernel 'IP_forward' (not to be confused with port forward) facility such that packets can flow across the NVR LAN and PoE interfaces.
So the cameras on NVR PoE ports can easily talk to the outside world.
hmjgriffon
Known around here
That's why I said I think lol ive never used one of those nvrs
I'm following all these discussions regarding network security and slowly beginning to understand some strategies. All this networking stuff has my head spinning
I have an Asus router and it has a Network Services Filter option that appears to be a method of denying your ip cams from accessing the Internet. Here's a good discussion on another website - I hope it's OK to link another website. Any input is appreciated
Thanks.I have an Asus router as well so I will take a look at that other discussion link that you posted. Also another question for anyone that might know....is there a specific clear cut way that you can figure out if it's even possible for your current cam to communicate outside your network? Is there some sort of test or other way that you can log onto your camera and see if you can access the net or something?I'm following all these discussions regarding network security and slowly beginning to understand some strategies. All this networking stuff has my head spinning
I have an Asus router and it has a Network Services Filter option that appears to be a method of denying your ip cams from accessing the Internet. Here's a good discussion on another website - I hope it's OK to link another website. Any input is appreciated
hmjgriffon
Known around here
if it has an IP address, it's possible.
Well just for giggles I figured I would go home and log onto my router and see if I could find any outbound connections so I viewed my "active connections" log under my WAN section and cam across two of my IP addressed cameras connecting to various outside addresses....not sure what this is all about? Any assistance would be appreciated...
hmjgriffon
Known around here
first one is google DNS, second one is an automatic private IP address, 3rd is some place in China.Well just for giggles I figured I would go home and log onto my router and see if I could find any outbound connections so I viewed my "active connections" log under my WAN section and cam across two of my IP addressed cameras connecting to various outside addresses....not sure what this is all about? Any assistance would be appreciated...
