Menu
What's new

Has my Axis camera been hacked?

S

S7uey

n3wb
Joined
Apr 11, 2019
Messages
2
Reaction score
2
Location
UK
Hello, sorry for my 1st post asking for advice.

I have a few axis cameras and noticed some unusual IP addresses for connected sessions on one of my external cameras (I will check the others too)

I found these addresses in;

System options > support > logs and reports > information > connection list

Please see image

60C6E04D-DDAE-4712-AE9A-7C619E89DCB1.jpeg
I’m certainly no expert but I am concerned, as these ip addresses are unfamiliar to me.

I’ve updated the firmware tonight and when I reloaded the camera, within a few minutes these ip addresses popped up again…

I’ve also reset the password, rebooted and the ip addresses returned

so my questions are

1. have I been hacked?
2. If so, how can I lockdown this device?

appreciate any pointers.

regards

Stu
 
Mike A.

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,833
Reaction score
6,393
And those are all legit time servers answering outgoing requests for time from within your network. Search for IP Whois lookup. You'll find a bunch. If you have questions about an IP address you can put it into one of those and it will (in most cases) return a host name and whois information. Sometimes can't tell much from that but in this case they're all clearly well known servers at Cloudflare, ntp.org, etc.

On the negative side, that suggests that your cameras have outgoing access to the Internet to make the request.
 
S

S7uey

n3wb
Joined
Apr 11, 2019
Messages
2
Reaction score
2
Location
UK
Thank you both for your replies.
@Mike I’ll take your advice and lock down the device. I’ll remove the device from having outbound access (even if it is time/date update). I only access my network through VPN and connect locally, however I can see the device does have web access through dhcp to the time server to sync.
 
Mike A.

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,833
Reaction score
6,393
Don't know how you're set up there but if you have an always on machine there, then you can run NetTime or some other local NTP server and point your cameras to it instead of an outside server. Or you may be able to limit things at your firewall to only pass NTP traffic for those devices. It's not NTP going to known servers that's much of a concern. It's more that if they have access to that, then they may have access to do anything else also. Axis is a little more trustworthy than some random cam but as general practice I'd lock them down too. I was surprised to see, for example, that some Ubiquiti devices that I had were phoning home and passing data to it all the time. : /
 
You must log in or register to reply here.
Top