Logins

[spurs73]

Hello I have a Hikvision DS-7608NI-SE/8P NVR and recently I was looking at my logs and notice I have illegal logins. Has anybody been through this problem, what can I do to stop this. It's been happening for a while, I notice this back 8/12.

1 2015-09-01 17:28:09 Exception Illegal Login admin 10.224.120.103
2 2015-09-01 17:37:04 Exception Illegal Login admin 10.224.120.103
3 2015-09-01 17:48:47 Exception Illegal Login admin 10.224.120.103
4 2015-09-01 18:33:29 Exception Illegal Login admin 10.224.120.103
5 2015-09-01 19:25:09 Exception Illegal Login admin 10.79.244.115
6 2015-09-01 20:51:28 Exception Illegal Login admin 10.79.244.115
7 2015-09-01 21:00:40 Exception Illegal Login admin 10.79.244.115
8 2015-09-01 21:03:14 Exception Illegal Login admin 10.79.244.115

 

[alastairstevenson]

These are nominally 'private' IP addresses, not routed on the public internet.
Presumably you are on a home network. Have you exposed any of it to inbound internet access, eg set up port forwarding to any device?
What devices do you have on your network that would be powered on at the times in the log?
One possibility, admittedly not very likely, is that there is a compromised device on your network that's running scans using spoofed IP addresses.

 

[khx73]

I had a couple show up too back in April, both from the 192.168.x.x private ip range. None of which I've ever used. I since locked it down a lot better.
From what I can tell, it's a login attempt on the SDK service port (8000 by default). Such as is used by the remote apps like iVMS. You should change the default port, and also limit connectivity from the outside world by IP address range, etc.

 

[Dreamboat]

This is rather bug or one of the not well developed features of Hikvision. I often do see such records in the log files coming from private IP addresses like 10.*.*.* or 192.*.*.* This actually is the private address which is staying behind the real address of the attacker. In fact that information makes no sence. I was thinking to tell Hikvision about this bug, but can't find enough free time to investigate it more deeply.