Logins

spurs73

Hello, I have a Hikvision DS-7608NI-SE/8P NVR and recently I was looking at my logs and noticed I have illegal logins. Has anybody been through this problem? What can I do to stop this? It's been happening for a while; I noticed this back on 8/12.

1 2015-09-01 17:28:09 Exception Illegal Login admin 10.224.120.103
2 2015-09-01 17:37:04 Exception Illegal Login admin 10.224.120.103
3 2015-09-01 17:48:47 Exception Illegal Login admin 10.224.120.103
4 2015-09-01 18:33:29 Exception Illegal Login admin 10.224.120.103
5 2015-09-01 19:25:09 Exception Illegal Login admin 10.79.244.115
6 2015-09-01 20:51:28 Exception Illegal Login admin 10.79.244.115
7 2015-09-01 21:00:40 Exception Illegal Login admin 10.79.244.115
8 2015-09-01 21:03:14 Exception Illegal Login admin 10.79.244.115
 

alastairstevenson

These are nominally 'private' IP addresses, not routed on the public internet.
Presumably you are on a home network. Have you exposed any of it to inbound internet access, e.g. set up port forwarding to any device?
What devices do you have on your network that would be powered on at the times in the log?
One possibility, admittedly not very likely, is that there is a compromised device on your network that's running scans using spoofed IP addresses.
 

khx73

I had a couple show up too back in April, both from the 192.168.x.x private IP range, none of which I've ever used. I have since locked it down a lot better.
From what I can tell, it's a login attempt on the SDK service port (8000 by default), such as is used by remote apps like iVMS. You should change the default port, and also limit connectivity from the outside world by IP address range, etc.
 

Dreamboat

This is rather a bug or one of the not well developed features of Hikvision. I often do see such records in the log files coming from private IP addresses like 10.*.*.* or 192.*.*.*. This actually is the private address which is staying behind the real address of the attacker. In fact that information makes no sense. I was thinking to tell Hikvision about this bug, but can't find enough free time to investigate it more deeply.
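
Added example, not part of any post in this thread: a Python script that groups the "Illegal Login" entries from the first post by source address, then reports whether each source is a private address and whether it lies on the NVR's own subnet. `LOCAL_SUBNET` (192.168.1.0/24 here) and the function names are assumptions; substitute your real LAN range.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Log lines copied from the first post in this thread.
SAMPLE_LOG = """\
1 2015-09-01 17:28:09 Exception Illegal Login admin 10.224.120.103
2 2015-09-01 17:37:04 Exception Illegal Login admin 10.224.120.103
3 2015-09-01 17:48:47 Exception Illegal Login admin 10.224.120.103
4 2015-09-01 18:33:29 Exception Illegal Login admin 10.224.120.103
5 2015-09-01 19:25:09 Exception Illegal Login admin 10.79.244.115
6 2015-09-01 20:51:28 Exception Illegal Login admin 10.79.244.115
7 2015-09-01 21:00:40 Exception Illegal Login admin 10.79.244.115
8 2015-09-01 21:03:14 Exception Illegal Login admin 10.79.244.115
"""

# Assumption: the LAN the NVR sits on; replace with your real subnet.
LOCAL_SUBNET = ipaddress.ip_network("192.168.1.0/24")

LINE_RE = re.compile(r"^\s*\d+\s+(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+Exception\s+"
                     r"Illegal Login\s+(\S+)\s+(\S+)\s*$")

def parse(log_text):
    """Yield (timestamp, user, ip) per 'Illegal Login' line; skip anything else."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(3))
        except ValueError:
            continue  # address field is not a valid IP
        yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), ip

def summarize(log_text, local_subnet=LOCAL_SUBNET):
    """Group failed logins by source address and classify each source."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse(log_text):
        by_ip[ip].append((ts, user))
    report = {}
    for ip, events in by_ip.items():
        times = sorted(ts for ts, _ in events)
        report[str(ip)] = {
            "attempts": len(events), "users": sorted({u for _, u in events}),
            "first": times[0], "last": times[-1],
            "private": ip.is_private, "on_local_subnet": ip in local_subnet,
        }
    return report
```

`summarize(SAMPLE_LOG)` returns one entry per source address; a source that is private but not on the local subnet is the case discussed in the replies above.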
 