Dahua Backdoor Uncovered

nayr

And I think you are "underestimating" this too much! I do not want my IP cams to be network devices across the net to distribute malware to me or anyone else or to have some peeping in on my cams!
And all that is accomplished if you don't put your cameras on the internet and opt to use a secure VPN connection for remote access.. this is standard operating procedure; these things have never and will never be safe for direct exposure to the internet
 

Roman

And all that is accomplished if you don't put your cameras on the internet and opt to use a secure VPN connection for remote access.. this is standard operating procedure; these things have never and will never be safe for direct exposure to the internet
Yep, understand what you're saying...although I fully understand that a VPN connection is a must and not to forward ports, use upnp, cloud crap, or anything else. What I am getting at is that even with all this done (VPN setup etc) that only blocks incoming connections to your cams not outgoing. So say you buy a "shady" cam from ali or ebay or somewhere else (which a lot of folks do) and the crappy firmware they put on the cam contains some kind of hidden menu or whatever else that can still make a connection outbound (out of your network) and connect back to a Chinese dude sitting behind a keyboard...that's what I have a concern about and really what I was getting at with all my posts. This is something I noticed last night looking at my connection logs on my router and now I need to take further action and attempt to block this via rules in my FW.
 

hmjgriffon

Yep, understand what you're saying...although I fully understand that a VPN connection is a must and not to forward ports, use upnp, cloud crap, or anything else. What I am getting at is that even with all this done (VPN setup etc) that only blocks incoming connections to your cams not outgoing. So say you buy a "shady" cam from ali or ebay or somewhere else (which a lot of folks do) and the crappy firmware they put on the cam contains some kind of hidden menu or whatever else that can still make a connection outbound (out of your network) and connect back to a Chinese dude sitting behind a keyboard...that's what I have a concern about and really what I was getting at with all my posts. This is something I noticed last night looking at my connection logs on my router and now I need to take further action and attempt to block this via rules in my FW.
there are different things you can do, I am currently blocking the cameras from talking to anything off the lan except for the interface they connect to on the firewall for NTP, DHCP, DNS, etc.

Block cameras talking to anything:
block drop in log on re0 from <ip_cams> to any

Allow cameras to hit the lan gateway interface:
pass in on re0 inet from <ip_cams> to 10.0.0.1 flags S/SA

just find similar in your device. :)
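
An added example, not part of hmjgriffon's post: because the block rule above carries `log`, dropped camera packets can be read back from pf's log, and this Python script summarises which off-LAN destinations the cameras tried to reach. The LAN range, camera addresses and log lines are constructed assumptions, and the line layout assumed is tcpdump's text output when reading pflog.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (not from the thread): the LAN is 10.0.0.0/24 and these are the cameras.
LAN = ipaddress.ip_network("10.0.0.0/24")
CAMERAS = {ipaddress.ip_address("10.0.0.50"), ipaddress.ip_address("10.0.0.51")}

# Assumed layout: "... block in on IFACE: SRC.SPORT > DST.DPORT: ..."
LINE_RE = re.compile(
    r"\bblock in on (?P<ifname>\S+): "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)

# Constructed sample log lines; remote addresses are documentation ranges (RFC 5737).
SAMPLE_LOG = """\
12:00:01.100000 rule 4/0(match): block in on re0: 10.0.0.50.41822 > 203.0.113.10.8000: Flags [S], seq 1, win 5840, length 0
12:00:06.100000 rule 4/0(match): block in on re0: 10.0.0.50.41823 > 203.0.113.10.8000: Flags [S], seq 2, win 5840, length 0
12:00:09.400000 rule 4/0(match): block in on re0: 10.0.0.51.123 > 198.51.100.7.123: NTPv4, Client, length 48
12:00:10.000000 rule 4/0(match): block in on re0: 10.0.0.51.33000 > 10.0.0.20.554: Flags [S], seq 3, win 5840, length 0
12:00:11.000000 rule 2/0(match): block in on re0: 10.0.0.99.50000 > 203.0.113.10.443: Flags [S], seq 4, win 5840, length 0
"""


def blocked_camera_egress(log_text):
    """Count blocked packets per (camera, destination, port) that tried to leave the LAN."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a block line in the assumed layout
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        # Only camera sources count, and only destinations outside the LAN.
        if src in CAMERAS and dst not in LAN:
            hits[(str(src), str(dst), int(m["dport"]))] += 1
    return hits


if __name__ == "__main__":
    for (cam, dst, port), n in blocked_camera_egress(SAMPLE_LOG).most_common():
        print(f"{cam} -> {dst}:{port}  blocked {n}x")
```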
 

TL1096r

Trying to....learning as I go...not proficient in linux scripting and iptables and editors, etc.
Yep, understand what you're saying...although I fully understand that a VPN connection is a must and not to forward ports, use upnp, cloud crap, or anything else. What I am getting at is that even with all this done (VPN setup etc) that only blocks incoming connections to your cams not outgoing. So say you buy a "shady" cam from ali or ebay or somewhere else (which a lot of folks do) and the crappy firmware they put on the cam contains some kind of hidden menu or whatever else that can still make a connection outbound (out of your network) and connect back to a Chinese dude sitting behind a keyboard...that's what I have a concern about and really what I was getting at with all my posts. This is something I noticed last night looking at my connection logs on my router and now I need to take further action and attempt to block this via rules in my FW.
Well said, same thing I am trying to convey. I am not concerned about the VPN/P2P right now, I'm more concerned about what this IP camera is sending out through firmware/software I am using.

I am using reolink right now and I am seeing this camera communicating with odd IPs in China... I have no way to block just an IP, if I block the software totally I cannot view the camera, it has been a pain to try to set up BI so I quit trying with reolink and just use their software.

My router has no option to view connections or outbound/inbound, it is all done through my ISP, I can port-forward to set up a VPN but that is it.

I caught the IPs with firewall software but it does not allow to block just one IP, it can only block the entire software but then I cannot view the cameras.
 

Camit

And I think you are "underestimating" this too much! I do not want my IP cams to be network devices across the net to distribute malware to me or anyone else or to have some peeping in on my cams!
You don't understand, if it's on the net it will always have a risk .. if you're that paranoid just unhook the cable from your house.. you think hackers can't get past a firewall? It's just like your house, you can buy the world's best locks, best security cameras, but if someone really wants in they will get in.
 

TechBill

Most modern modems and routers are pretty secure these days from outside attacks.

So hackers try to exploit a hole in firmware or trick customers to open/install a program such as "latest firmware" to install a back door on their hardware to establish a connection to it.

A well-written back door, once it establishes a connection, can bypass most firewalls, VPNs, etc.

If you don't want the camera exposed to the network then put it on a local network that is isolated and not connected to the internet. Also don't always grab whatever firmware you find on the net unless you know that the firmware is from a trusted source.

As for the back doors left behind by firmware developers, there is nothing we can do about those until they get discovered by someone or the developers remember them and release a patch or update immediately to remedy their mistake.

It's the same with us buying everyday products, we never know if the food we put in our mouths will be safe or if there will be a recall on it because it was making others sick. There's no real way to be sure until it is discovered.
 

Camit

Most modern modems and routers are pretty secure these days from outside attacks.

So hackers try to exploit a hole in firmware or trick customers to open/install a program such as "latest firmware" to install a back door on their hardware to establish a connection to it.

A well-written back door, once it establishes a connection, can bypass most firewalls, VPNs, etc.

If you don't want the camera exposed to the network then put it on a local network that is isolated and not connected to the internet. Also don't always grab whatever firmware you find on the net unless you know that the firmware is from a trusted source.

As for the back doors left behind by firmware developers, there is nothing we can do about those until they get discovered by someone or the developers remember them and release a patch or update immediately to remedy their mistake.

It's the same with us buying everyday products, we never know if the food we put in our mouths will be safe or if there will be a recall on it because it was making others sick. There's no real way to be sure until it is discovered.
Explained perfectly ...
 

TL1096r

Great thread, but is there a way we can get a thread together to make a DIY/posts with suggestions how to secure your camera / block / search for IPs that could be sending information out from your camera?

It will go a long way as there are more newbies than experts.

My main concern is how to block and secure my IP camera on the home network due to my firewall picking up China IPs communicating with the reolink software, I cannot seem to block it without shutting down the software.
 

TechBill

Great thread, but is there a way we can get a thread together to make a DIY/posts with suggestions how to secure your camera / block / search for IPs that could be sending information out from your camera?

It will go a long way as there are more newbies than experts.

My main concern is how to block and secure my IP camera on the home network due to my firewall picking up China IPs communicating with the reolink software, I cannot seem to block it without shutting down the software.

Simplest way to block cameras from communicating to outside network is to get an NVR with built in switch ports and connect all the cameras to it.

Some NVRs offer a feature allowing outside network to access the cameras, just don't enable it or toggle it on.

The cameras should be completely blocked off unless someone was foolish enough to upload an untrusted firmware into their NVR
 

TL1096r

Simplest way to block cameras from communicating to outside network is to get an NVR with built in switch ports and connect all the cameras to it.

Some NVRs offer a feature allowing outside network to access the cameras, just don't enable it or toggle it on.

The cameras should be completely blocked off unless someone was foolish enough to upload an untrusted firmware into their NVR
I'm using the reolink NVR... the issue is the software I have on my computers to view the camera is communicating with the China IP, 20KB randomly, not always when it is loaded.
 

TechBill

I'm using the reolink NVR... the issue is the software I have on my computers to view the camera is communicating with the China IP, 20KB randomly, not always when it is loaded.
Log it using a packet sniffer and if it is not encrypted, you may discover something from it
 

fenderman

I'm using the reolink NVR... the issue is the software I have on my computers to view the camera is communicating with the China IP, 20KB randomly, not always when it is loaded.
post that info to the reolink twitter feed.
 