Is my port open or not?

tenohfive

n3wb
Joined
Aug 1, 2018
Messages
12
Reaction score
0
Location
UK
I've got BI setup with OpenVPN having followed a guide on here I believe.
However when using a tool recently it was showing that a camera has several open ports,notably port 80. When I type that into a web browser I get the login page for the manufacturer of the camera.

I've chased my tail going through these forums and elsewhere, and observed the following:

When connecting directly to the same network it's shown as open.
Connecting to the same network by OpenVPN it's shown open.
Connecting from off the network, without the OpenVPN it's shown as closed.

When connected directly or via OpenVPN and I type in the IP into a browser I get the login page for the camera manufacturer.

So my question is - is the camera exposed? If so, how do I secure it?
 

catcamstar

Known around here
Joined
Jan 28, 2018
Messages
1,659
Reaction score
1,193
Let's give the things a name first: if your cam resides on IP address 192.168.20.101.

Typing that IP address (http://192.168.20.101) would not work from the internet, nor 4G, nor satellite. Never ever. Period. So that port is "always" blocked.

When you are hooked up to your LAN (through ethernet cable or wifi), your device gets an IP in the same subnet (eg 192.168.20.159). Then you can, without any "hops" jump into that battlestation. So that port is "always" opened.
The same applies with an OpenVPN client active (on internet, 4G, satellite, etc): your device gets "nested" inside the same subnet (192.168.20.x) although the OpenVPN server will take into account any required routing. So that port is "always" opened under condition you enabled: allow LAN access in your OpenVPN server configuration.

The main question you should ask yourself:
- if you are afraid that your cams are reachable from the internet, you should query your WAN (public) IP address with tools like GRC to see if any ports are opened.
- but do verify your router setup (port forwardings are a no-go, Upnp are a no-go).
- also verify whether you want your IPCs "call home" (eg disable outbound internet access - some routers have parental controls)
- do you want to achieve (higher) level of security, you could opt to make your BI pc visible on your LAN / OpenVPN, but put your IPCs in a seperate (v)lan. But that's more for the more "advanced" users.

Hope this helps you out!
CC
 
Top