Illegal login notification

1advancing

Young grasshopper
Joined
Oct 18, 2016
Messages
74
Reaction score
1
I received an email for illegal login notification:

"
This is an automatically generated e-mail from your IPC.

EVENT TYPE: Illegal Login,login ip:10.0.3.19 EVENT TIME: 2017-03-25,03:42:40 IPC NAME: IP CAMERA IPC S/N: DS-2CD3145F-I20151117AACH552652357
"

It wasn't me and nobody else really has IP info who I know that would try. So obviously someone from outside. I received 3 emails like this.

Is there room for worry or they just got locked out and should be fine? Just curious if there are any back doors or exploits for these cameras or they are fairly safe.

My password is fairly complex so I doubt brute force could crack it even if there was no lockout feature.
 

Dodutils

Pulling my weight
Joined
Dec 10, 2016
Messages
451
Reaction score
166
Do you know who/what is using this IP 10.0.3.19 in your LAN ? did you try ping it to see if it is still here ? do you know what mac addr is associated ? is it some WAN IP gateway ?
 
Last edited:

patrickdo

n3wb
Joined
Jun 27, 2016
Messages
5
Reaction score
1
I've come to realize that the illegal login e-mails from my 2432/2442 always report the LOCAL IP addresses of the device trying to log in (the 10.0.x.x in your case is a local IP address), even if they're from outside your LAN. At first glance, this makes it impossible to determine where the user is...
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
You must be joking about these cameras being secure....Use VPN..
 

Fastb

Known around here
Joined
Feb 9, 2016
Messages
1,342
Reaction score
934
Location
Seattle, Wa
1advancing,

The email gives a clue. Check the NVR log file for other clues. Or the cam log file, if there is one (since it sounds like you may not have an NVR)
Your router, which connects your cam to the internet, may have a log file as well.

If you use remote viewing, say with an android app, then the app uses u/n & p/w to access the video feed. On my android app, I use both:
- the internal ip (for fast viewing of recorded video or live view from multiple cams), and
- the external ip (for when I'm out of range of the home WiFi lan)

The above is true for viewing on a laptop, using SmartPSS or or other.

Dodutils makes excellent suggestions, esp re: mac addr. Check your router or WAN gateway. Find the "connected devices" screen to see all on-line devices on your home lan. If you're using DHCP, then the ip address (which changes due to DHCP) won't be as useful as the mac addr (which doesn't change).

Fastb
 

1advancing

Young grasshopper
Joined
Oct 18, 2016
Messages
74
Reaction score
1
Do you know who/what is using this IP 10.0.3.19 in your LAN ? did you try ping it to see if it is still here ? do you know what mac addr is associated ? is it some WAN IP gateway ?
No it is some outside IP, it is not part of my LAN or WAN.
 

1advancing

Young grasshopper
Joined
Oct 18, 2016
Messages
74
Reaction score
1
I've come to realize that the illegal login e-mails from my 2432/2442 always report the LOCAL IP addresses of the device trying to log in (the 10.0.x.x in your case is a local IP address), even if they're from outside your LAN. At first glance, this makes it impossible to determine where the user is...
Not quite sure what you mean local but from outside...
 

1advancing

Young grasshopper
Joined
Oct 18, 2016
Messages
74
Reaction score
1
You must be joking about these cameras being secure....Use VPN..
I wasn't joking, but was asking. Unless you are talking about some specific setup, using VPN is inconvenience since one has to connect each time before viewing the cameras, it is more expense to setup VPN, and it will slow down the transfer somewhat.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
I wasn't joking, but was asking. Unless you are talking about some specific setup, using VPN is inconvenience since one has to connect each time before viewing the cameras, it is more expense to setup VPN, and it will slow down the transfer somewhat.
There is thread after thread about hikvision vulnerabilities a new one was just uncovered by a forum member here...search google...
Backdoor found in Hikvision cameras
Dahua, Hikvision IoT Devices Under Siege — Krebs on Security

VPN is FREE (built into many low priced consumer routers), and has limited overhead..you can automate the connection using tasker or leave it on...
Port forwarding any NVR/camera is stupid and a HUGE security risk.
Google
 

1advancing

Young grasshopper
Joined
Oct 18, 2016
Messages
74
Reaction score
1
1advancing,

The email gives a clue. Check the NVR log file for other clues. Or the cam log file, if there is one (since it sounds like you may not have an NVR)
Your router, which connects your cam to the internet, may have a log file as well.

If you use remote viewing, say with an android app, then the app uses u/n & p/w to access the video feed. On my android app, I use both:
- the internal ip (for fast viewing of recorded video or live view from multiple cams), and
- the external ip (for when I'm out of range of the home WiFi lan)

The above is true for viewing on a laptop, using SmartPSS or or other.

Dodutils makes excellent suggestions, esp re: mac addr. Check your router or WAN gateway. Find the "connected devices" screen to see all on-line devices on your home lan. If you're using DHCP, then the ip address (which changes due to DHCP) won't be as useful as the mac addr (which doesn't change).

Fastb
This is a stand alone camera, it is at my house so I have just 2 cameras and haven't had huge need for NVR.
This IP that is being reported is not from my LAN or WAN IP subnet.
And even if it was, if I understand correctly then "illegal login" means wrong password, yes? If yes then my devices have the password saved so it wouldn't be like me typing it in incorrectly from another network.
In addition thanks for the suggestion to look at the logs, looking at the logs it seems like it has been happening for a while. My guess is that someone or a program is trying to gain access by brute force. I don't have any crazy sensitive on the cams and this one is simply pointing outside on drive way. But I'd still like to know if it is possible to gain access like this or if I have complex password they are out of luck?
In addition I will be blocking those IP addresses in the logs via my router-firewall.
Thanks for suggestions.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
This is a stand alone camera, it is at my house so I have just 2 cameras and haven't had huge need for NVR.
This IP that is being reported is not from my LAN or WAN IP subnet.
And even if it was, if I understand correctly then "illegal login" means wrong password, yes? If yes then my devices have the password saved so it wouldn't be like me typing it in incorrectly from another network.
In addition thanks for the suggestion to look at the logs, looking at the logs it seems like it has been happening for a while. My guess is that someone or a program is trying to gain access by brute force. I don't have any crazy sensitive on the cams and this one is simply pointing outside on drive way. But I'd still like to know if it is possible to gain access like this or if I have complex password they are out of luck?
In addition I will be blocking those IP addresses in the logs via my router-firewall.
Thanks for suggestions.
See my post above, your complex password is useless.
Also not that once a network device is compromised nothing on that network is secure...you not only risk your camera footage..
 

1advancing

Young grasshopper
Joined
Oct 18, 2016
Messages
74
Reaction score
1
There is thread after thread about hikvision vulnerabilities a new one was just uncovered by a forum member here...search google...
Backdoor found in Hikvision cameras
Dahua, Hikvision IoT Devices Under Siege — Krebs on Security

VPN is FREE (built into many low priced consumer routers), and has limited overhead..you can automate the connection using tasker or leave it on...
Port forwarding any NVR/camera is stupid and a HUGE security risk.
Google
Well it really depends if there is privacy issue or not. Basically where the camera is pointing, if it is simply on drive way then maybe it's nothing to worry about. But if it is a business office or inside the house then yeah it should be secure.
The VPN that comes with the low priced routers really sucks, I'm surprised you don't know that. They don't work well and sometimes don't work at all, not to mention that unless it is a solid business class VPN/firewall then it may have holes of it's own.
There are some decent open source VPNs though perhaps, but I try to use something that is more solid and works well.
 

1advancing

Young grasshopper
Joined
Oct 18, 2016
Messages
74
Reaction score
1
See my post above, your complex password is useless.
Also not that once a network device is compromised nothing on that network is secure...you not only risk your camera footage..
I guess it does makes sense to use VPN for accessing cameras that have sensitive footage.
But I'm not sure why you are saying that if a camera is compromised then another device can be also. If you use different passwords then not sure how that could happen. But if there is a way please share the info.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
The VPN that comes with the low priced routers really sucks, I'm surprised you don't know that. They don't work well and sometimes don't work at all, not to mention that unless it is a solid business class VPN/firewall then it may have holes of it's own.
This is simply factually incorrect. You need to educate yourself. openVPN is available on asus and other routers. If you are paranoid and want a "business class" experience for free, you can run pfsense or untangle...
 
Last edited:

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
I guess it does makes sense to use VPN for accessing cameras that have sensitive footage.
But I'm not sure why you are saying that if a camera is compromised then another device can be also. If you use different passwords then not sure how that could happen. But if there is a way please share the info.
Passwords on what your pc? do you think a windows password is strong? Now you are simply being naive. If you need me to explain how a hacker who has bypassed your firewall can gain access to your data you have bigger problems...heck, why have a firewall at all, you have strong passwords dont you? Once a hacker has complete control of a device on your network its relatively easy to gain access to your data.
 
Last edited:

Dodutils

Pulling my weight
Joined
Dec 10, 2016
Messages
451
Reaction score
166
No it is some outside IP, it is not part of my LAN or WAN.
those 10.x.x.x IP are not outside IP unless your IP is used by some gateway that do NAT/PAT on which external IPs connect to and then it is its own 10.x.x.x internal IP that is showed in your LAN.
 

aristobrat

IPCT Contributor
Joined
Dec 5, 2016
Messages
2,982
Reaction score
3,180
I guess it does makes sense to use VPN for accessing cameras that have sensitive footage.
But I'm not sure why you are saying that if a camera is compromised then another device can be also. If you use different passwords then not sure how that could happen. But if there is a way please share the info.
Most of these cameras are running a Unix-like OS. Some of these cameras have known backdoors and/or exploits that give access without having to know the passwords of any accounts that you created.

Allowing direct access to them from the Internet just seems dumb, and thinking that the worst thing that can happen if someone gets into your network through an exploited camera is that they'll just watch the live feed seems naive.

I'm running a VPN on an extremely underpowered entry-level Synology box (that's several years old) and have had no performance issues. But then again, even with streaming in a 4 camera view, that's not even 2 Mbps. I'm doubtful that any VPN-capable device will have issues with that.
 
Top