DDoS attack from NVR

[belmont]

I lost my connection to my Hikvision NVR since last weekend, exactly when the DDoS attack happened against DynDNS.

Chinese camera vendors already admit their cams , NVRs were used for the attack.

Does anyone having the same issue? My NVR looks like did not survive the CPU load they made on it and gave up.

http://thehackernews.com/2016/10/iot-camera-mirai-ddos.html

hoping I can re-flash it

 

[rotorwash]

Was it directly connected to or port forwarded to the internet?

 

[nayr]

none of the hacks that have been reported have been permanent, a reboot would remove any malware running on it.. If they damaged it then your basically SOL

but you have to take it off the internet first or it'll just happen again pretty much instantly.. use a VPN for remote access

 

[belmont]

it is not reachable via IP anymore, even if i can VPN into the network. I can not restart as I am far away but hopefully it will fix it. The NVR is behind a Mikrotik router no portforward used. Anyhow I can reach the cameras, "only" the NVR went silent. Heck knows what happened but strange coincidence in time with the DDoS activity.

 

[nayr]

if you didnt expose it to the internet and require a VPN for access then it was not participating in the DDOS attacks, just a conscience.. but double check you have uPNP disabled (on your router) just incase, with that enabled they can open there own ports.

for extra protection configure your router's firewall to block all traffic too/from the internet and your video surveillance devices.

 

[belmont]

ahh, OK, many thanks. On mikrotik forum they wrote last weeks some ppl observer huge number of attacks from NVRs. So, i even suspect the Mikrotik was a point of entry. But i dont have any logs.

 

[alexvas]

Next version of tinyCam Monitor will have Mirai vulnerability detection in IP cameras. Finishing testing.
https://twitter.com/tinyCamMonitor/status/790668705478959104

 

[fenderman]

Next version of tinyCam Monitor will have Mirai vulnerability detection in IP cameras. Finishing testing.
https://twitter.com/tinyCamMonitor/status/790668705478959104

Awesome!

 

[alexvas]

tinyCam Monitor introduced Mirai botnet vulnerability scanner for all IoT devices (IP cameras, DVRs, routers, etc.) that you may have in your home network. Mirai botnet is known for its recent large scale distributed denial-of-service (DDoS) attacks.

Please use free tinyCam Monitor Android app to test if your device contains vulnerability
https://play.google.com/store/apps/details?id=com.alexvas.dvr

More info regarding this feature is here:
https://plus.google.com/u/0/116818390313397542132/posts/btiJaNJLbzk

 

[belmont]

Mr. Alexey Vasilyev, i am glad you have responded on my topic, your app is excellent!

 

[nayr]

Thanks for also advocating VPN Use within your documentation, the scanner is a great addition to the community.. great work.

 

[hiky]

Yeah just before the DDOS attack i noticed my NVR was getting hammered for a password hack, luckily it is complex and i have the NVR set to let me know if anyone is accessing it, took it off line and changed the ports which solved the issue, all quite again

But NAYR is right, should really use VPN... if only someone would take the time and describe what and how VPN is, the forum really needs a sticky on what why and how on VPN