Importance of opening PORT 554. Most or not?

normel

Getting the hang of it
Joined
Dec 1, 2014
Messages
288
Reaction score
22
Today during the meeting we had a discussion about port 554. Some said it is necessary to open this port, otherwise it wouldn't work on mobile, and some (including me) said it is not necessary.

I have installed many IP cameras, and never opened port 554. I always open port 80 (to access the camera from Internet Explorer) and port 8000 for viewing on a mobile phone, and it always worked without 554.

Some said they always opened port 554, otherwise it won't work. And we have bet € 100,- on it, so I wonder what you guys think about this..

Will you have access to a camera without opening port 554? And what is that port actually for?
 

nayr

IPCT Contributor
Joined
Jul 16, 2014
Messages
9,329
Reaction score
5,325
Location
Denver, CO
554 is RTSP and if you're encoding it in x264 it's likely using it.. if you're encoding in MJPEG it's likely being hosted off the web port.. so it can vary.

and pardon my language but everyone in that meeting was a moron, because opening any port to any camera is foolish.. especially for professionals. I can't believe I am having to tell you this, but for the love of god use a VPN for remote access to cameras.. it's easier to set up than port forwarding, seriously.. If CEOs, construction workers, and 80 year old women can use VPN I'm sure you guys can figure it out.

All your phones/computers/tablets have built-in VPN clients, all you have to do is set up the server.. and on many modern routers it's checking a box and adding some users, much easier than setting up a bunch of port forwards and reconfiguring clients for external vs internal access.
 

normel

unfortunately many devices do not support VPN connections, for me there will be many obstacles
 

nayr

what are these many devices you speak of? I've yet to see a client device suitable for displaying a video camera that does not come with built-in support...

iOS: VPN Supported
Android: VPN Supported
WindowsXP+: VPN Supported
Apple OSX: VPN Supported
Blackberry: VPN Supported

Nobody in corporate America can access their email anymore without VPN support.. so everything supports it.

A VPN drops you on the local network transparently, your NVRs and cameras don't need to know anything about VPN or even the Internet... if you want to connect remote sites together you can have two routers link each other directly and they won't even know the VPN exists.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
If you are simply using a Hikvision camera with the Hikvision iVMS-4500 app then you don't need the RTSP port forwarded.
However if you are using a Hikvision NVR you do need 554 forwarded.
 

normel

Well, I have a Hikvision NVR, port 554 is not forwarded, and it works flawlessly (with iVMS-4500), that's the strange part.
 

fenderman

normel said:
> Well, I have a Hikvision NVR, port 554 is not forwarded, and it works flawlessly (with iVMS-4500), that's the strange part.

On the NVR I believe the port is 8554... what port do you have forwarded on the NVR?
 

nayr

Do you have UPnP enabled? The NVR can open its own ports if so.
 

normel

upnp is enabled, and port mapping is set as AUTO
rtsp port external: 57642 port 554, active
 

nayr

You don't have to set up any port forwards, it did it for you.

Now go read up on VPN without being predisposed to believing it's too complicated.
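
The UPnP behaviour discussed above, as an added example that is not part of the thread: a Python audit that parses UPnP IGD `GetGenericPortMappingEntry` responses and flags enabled mappings whose internal port is one of the camera ports named here (80, 554, 8000, 8554). The SOAP responses, LAN addresses and descriptions are constructed sample data, and fetching the responses from a real router is assumed to happen elsewhere.

```python
import xml.etree.ElementTree as ET

# Internal ports named in this thread and what they carry on these devices.
CAMERA_PORTS = {80: "web UI", 554: "RTSP", 8000: "mobile app", 8554: "RTSP (alt)"}

# Shape of a WANIPConnection GetGenericPortMappingEntry SOAP response.
TEMPLATE = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>
<u:GetGenericPortMappingEntryResponse
    xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>
<NewProtocol>{proto}</NewProtocol><NewInternalPort>{int_}</NewInternalPort>
<NewInternalClient>{host}</NewInternalClient><NewEnabled>{on}</NewEnabled>
<NewPortMappingDescription>{desc}</NewPortMappingDescription>
<NewLeaseDuration>0</NewLeaseDuration>
</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"""

# Constructed sample data (hosts and descriptions are made up). The first
# entry mirrors the mapping reported in the thread: external 57642 -> 554.
SAMPLE_RESPONSES = [
    TEMPLATE.format(ext=57642, proto="TCP", int_=554, host="192.168.1.64", on=1, desc="RTSP"),
    TEMPLATE.format(ext=8000, proto="TCP", int_=8000, host="192.168.1.64", on=1, desc="SDK"),
    TEMPLATE.format(ext=51413, proto="UDP", int_=51413, host="192.168.1.20", on=1, desc="p2p"),
    TEMPLATE.format(ext=8080, proto="TCP", int_=80, host="192.168.1.65", on=0, desc="HTTP"),
]


def parse_mapping(soap_xml):
    """Return one port-mapping entry from a SOAP response as a dict."""
    root = ET.fromstring(soap_xml)
    for el in root.iter():
        if el.tag.endswith("GetGenericPortMappingEntryResponse"):
            args = {child.tag: (child.text or "").strip() for child in el}
            return {
                "external_port": int(args["NewExternalPort"]),
                "internal_port": int(args["NewInternalPort"]),
                "protocol": args["NewProtocol"],
                "host": args["NewInternalClient"],
                "enabled": args["NewEnabled"] == "1",
            }
    raise ValueError("no port-mapping entry in response")


def audit(responses):
    """List enabled mappings that expose a camera/NVR service port."""
    findings = []
    for soap_xml in responses:
        m = parse_mapping(soap_xml)
        # Match on the INTERNAL port: with automatic mapping the external
        # port can be anything, so checking only for 554 outside misses it.
        service = CAMERA_PORTS.get(m["internal_port"])
        if m["enabled"] and service:
            findings.append((m["host"], m["external_port"], m["internal_port"], service))
    return findings


if __name__ == "__main__":
    for host, ext, internal, service in audit(SAMPLE_RESPONSES):
        print(f"EXPOSED {service}: internet:{ext} -> {host}:{internal}")
```
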
 

zero-degrees

Known around here
Joined
Aug 15, 2015
Messages
1,359
Reaction score
847
nayr said:
> You don't have to set up any port forwards, it did it for you.
>
> Now go read up on VPN without being predisposed to believing it's too complicated.

You post these same messages on a lot of threads. I commend your passion, however you might want to try and locate a guide, a reference, or a tool that you can direct some people to. I'm the first to be a dick at times on certain subjects here or with certain people, but that's because certain things have been covered or referenced 1,000's of times. However, I haven't seen you cite or reference examples of the "ease" of which to accomplish this task.

Just a thought, or suggestion... Also consider doing an OP with a guide if it isn't too much trouble, then going forward be a dick and tell people they need to read the damn post explaining it.

Again, just a suggestion.
 

nayr

I tried that once... it just turned into a bunch of arguing and cock waving so I abandoned it and never looked back.

it just amazes me how people so concerned with physical security could care so little about network security, then we have a bunch of old Analogue security companies just blindly jumping into networking with just enough knowledge to be very dangerous..

I've had much better luck coming into people's threads and helping them out there than redirecting everyone to a common pit of nonsensical arguments.. I am just doing a pass it along approach, I figure each person I change their mind and they realize how much better and easier it is will also be as proactive as correcting their coworkers, friends and family from making the same mistakes.

I'd start a blog back up and forward people there but I gotta jump through hoops with my employer so I just avoid social media.
 

ruppmeister

Getting the hang of it
Joined
Apr 15, 2015
Messages
668
Reaction score
98
zero-degrees said:
> You post these same messages on a lot of threads. I commend your passion, however you might want to try and locate a guide, a reference, or a tool that you can direct some people to. I'm the first to be a dick at times on certain subjects here or with certain people, but that's because certain things have been covered or referenced 1,000's of times. However, I haven't seen you cite or reference examples of the "ease" of which to accomplish this task.
>
> Just a thought, or suggestion... Also consider doing an OP with a guide if it isn't too much trouble, then going forward be a dick and tell people they need to read the damn post explaining it.
>
> Again, just a suggestion.

Careful what you ask for. I know from past that @nayr uses a masterpiece of network configuration that utilizes RADIUS and other VLAN settings to separate his home network from the rest of the Internet and this is not for the lay person to attempt.

Just sayin...
 

zero-degrees

nayr said:
> I've had much better luck coming into people's threads and helping them out there than redirecting everyone to a common pit of nonsensical arguments.. I am just doing a pass it along approach, I figure each person I change their mind and they realize how much better and easier it is will also be as proactive as correcting their coworkers, friends and family from making the same mistakes.

Most everything turns into a bunch of bull shit statements in some way or form. Lately it's been happening more here it seems with some new users talking out their asses and even more so responding to 12+ month old posts with false/crappy information. However if post #1 is the guide then screw every statement and comment after that. #1 is the content and if that's what your initial post and write up/example/walk through is then it will be valuable to a lot of users. As for your statement of "I've had much better luck coming into people's threads and helping them out" while I have seen this in your responses, I will say I haven't seen it as it relates to your VPN comments - those you just always tell people they're fucking stupid for port forwarding. That's why I said it would be helpful if you had something to reference or show for it vs saying everyone that port forwards is a f* idiot... For me there are two users I've called f* stupid openly in numerous posts, however that's because myself and other users have clarified mult times why they are incorrect or speaking out of context. Thus I would just think you would be more appreciated here if you tried to assist in the topic that you are so passionate about. Just my 2 cents that are worth zero cents.

ruppmeister said:
> Careful what you ask for. I know from past that @nayr uses a masterpiece of network configuration that utilizes RADIUS and other VLAN settings to separate his home network from the rest of the Internet and this is not for the lay person to attempt.
>
> Just sayin...

Appreciate the comment. This isn't for me though - I have no concerns with port forwarding certain ports, if that makes me a f* idiot in someone's eyes - I'll still sleep soundly at night.

This request is based on the numerous comments of how "easy" this is and thus if it is so simple it should be a quick and simple guide, if it is not and is as you describe then very quickly the community will be able to make that determination for themselves. My point is don't describe how simple things are if you are not willing to provide such simple guides.

We used to see this a lot more on this forum with a few "self proclaimed programmers" who would talk about how easy editing firmware to do specific tasks within the HIK cameras was. However they never wanted to do it, never could show examples if they did it. All they wanted to say was everyone was stupid if they couldn't figure it out for themselves, but if they wanted to pay them a few $$$ they would do it for them...

These forums are about helping one another. Nayr does provide helpful posts and information in other conversations and I'd just like to see that also when it relates to a topic that he appears to be so passionate about.
 

nayr

I'll try to tone it down a bit, the name calling was uncalled for.. sorry. I try to carefully craft my statements to say such behavior is foolish or ignorant, and avoid actually directly calling anyone a moron or an idiot.. last few days been pretty rough personally and I've been a bit too abrasive..

the whole image in my head of a meeting full of so called professionals for a so called security company disputing internally about what ports are best to expose cameras to the internet with sent shivers down my spine.. massive disturbance in the force, as if millions of lines of code were suddenly erased without backups.

The thing is what you want is not as simple as you think, yes in nearly all instances it's very easy.. but considering all the operating systems, versions of those operating systems, network hardware, configurations, etc there is no one size fits all approach to this.. If you're all Apple hardware one solution may be better than another solution if you're in an all Windows, sometimes your router has it built in, sometimes you have to run it yourself or install custom firmware on something.. Usually the best thing is to see if anything you already have deployed has a VPN server already built in and just needing configured, then you use whatever it is.. that could be many types and instructions.

I'll give you my professional advice free, in public, and for the benefit for all.. you can take it or leave it.. but you have to be willing to put some work into it.. Security just does not come naturally, you have to understand how it works so you know how to use it... like a deadbolt, if you don't actually take time to lock the thing it won't do anything at all.. if you come back to me saying I searched and found my router does not have support for XXX what do I do next? you'll find me a willing partner in your objective.. but if you can't be bothered to do some basic research or come back saying it's far too difficult without actually knowing anything then you're likely to find my help lacking.

I am not trying to simply accomplish getting everyone here on a VPN instead of port forwarding, I'm trying to make you understand how everything works and why it's done this way.. that way you don't forget to lock that deadbolt and do something like leave UPnP enabled so all your cameras are self-exposing.
 

bob2701

Getting comfortable
Joined
Jan 7, 2016
Messages
1,009
Reaction score
482
Location
Jersey Shore
zero-degrees said:
> You post these same messages on a lot of threads. I commend your passion, however you might want to try and locate a guide, a reference, or a tool that you can direct some people to. I'm the first to be a dick at times on certain subjects here or with certain people, but that's because certain things have been covered or referenced 1,000's of times. However, I haven't seen you cite or reference examples of the "ease" of which to accomplish this task.
>
> Just a thought, or suggestion... Also consider doing an OP with a guide if it isn't too much trouble, then going forward be a dick and tell people they need to read the damn post explaining it.
>
> Again, just a suggestion.

He has given me pointers, still trying to wrap my head around it but it helps.

https://www.ipcamtalk.com/showthread.php/9090-VPN-Primer
 

zero-degrees

nayr said:
> I'll try to tone it down a bit, the name calling was uncalled for.. sorry. I try to carefully craft my statements to say such behavior is foolish or ignorant, and avoid actually directly calling anyone a moron or an idiot.. last few days been pretty rough personally and I've been a bit too abrasive..
>
> the whole image in my head of a meeting full of so called professionals for a so called security company disputing internally about what ports are best to expose cameras to the internet with sent shivers down my spine.. massive disturbance in the force, as if millions of lines of code were suddenly erased without backups.
>
> The thing is what you want is not as simple as you think, yes in nearly all instances it's very easy.. but considering all the operating systems, versions of those operating systems, network hardware, configurations, etc there is no one size fits all approach to this.. If you're all Apple hardware one solution may be better than another solution if you're in an all Windows, sometimes your router has it built in, sometimes you have to run it yourself or install custom firmware on something.. Usually the best thing is to see if anything you already have deployed has a VPN server already built in and just needing configured, then you use whatever it is.. that could be many types and instructions.
>
> I'll give you my professional advice free, in public, and for the benefit for all.. you can take it or leave it.. but you have to be willing to put some work into it.. Security just does not come naturally, you have to understand how it works so you know how to use it... like a deadbolt, if you don't actually take time to lock the thing it won't do anything at all.. if you come back to me saying I searched and found my router does not have support for XXX what do I do next? you'll find me a willing partner in your objective.. but if you can't be bothered to do some basic research or come back saying it's far too difficult without actually knowing anything then you're likely to find my help lacking.
>
> I am not trying to simply accomplish getting everyone here on a VPN instead of port forwarding, I'm trying to make you understand how everything works and why it's done this way.. that way you don't forget to lock that deadbolt and do something like leave UPnP enabled so all your cameras are self-exposing.

Well said and I tip my hat to you kind sir! You took my comments and personal views and responded accordingly with your comments and personal views in such a friendly professional manner... If only this is how all back and forth conversations could be in these forums! Sadly, there are too many ass bag trolls in the world! I do see your point!

Cheers!
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
nayr said:
> I try to carefully craft my statements to say such behavior is foolish or ignorant, and avoid actually directly calling anyone a moron or an idiot..

(will)

That will be good - calling folk morons is rude, offensive, demeaning and devalues the intended purpose of the comments.
1. A person who is considered foolish or stupid.
2. A person of mild mental retardation having a mental age of from 7 to 12 years and generally having communication and social skills enabling some degree of academic or vocational education. The term belongs to a classification system no longer in use and is now considered offensive.
We are all ignorant, in the true sense of the word - lacking knowledge, and willing to gain it via the help of others.
 

nayr

normel said:
> unfortunately many devices do not support VPN connections, for me there will be many obstacles

Personally and professionally this reply drives me f'n nuts.. You guys are amateurs without a clue about IP, security is fundamentally just many obstacles.. most of which are a lot easier to work around than you imagine it is.

Worst thing about the Video Security Industry is it's full of actors performing theatre, mostly drama.. Willing to throw everything out the window and potentially make the entire situation worse than when they got there just so end users don't have to make a few extra clicks to access their video.

These DIY guys on this forum who make these mistakes are completely understandable, that's the way things have been done with their video games, file sharing, and chat software since they took em online.. the thing is none of those activities ever exposed you in any real way, so someone coulda joined your game or crashed your p2p app big deal.. Those were not capable of recording audio or video throughout your property and revealing your layout, presence, and security measures so why would anyone target them?

It's your industry as a whole, don't think I am just trying to rail on you to be mean.. so many pros are doing the same silly stuff.. If you guys got your shit together you could rise above all the rest and offer real protection that would stand you out from the crowd.. and there is much worse going on, door to door alarm sales? all too sad people will blab about their lack of security to any stranger with a plastic id card.. I've worked in the industry, with the industry and now sorta against the industry.. they should have been up to speed before 2016.

Setting up VPN is easier than the rest of the install you're contracted for, you guys can provide and charge for simple VPN hardware and then just give them a few profile files that they copy to each device and run.. everything will be set up and they won't have to type in anything but a login.. If your customers try to resist explain to them that an IP camera runs a full blown operating system without any automatic security updates and you require them to be behind a firewall.. watch suddenly as they calculate how much money they have spent reinstalling Windows over the last few decades before they beg you show them this VPN thing.

/rant
 