My BlueIris hacked?

[reflection]

So I noticed these alerts on my IDS this afternoon. This has not happened before so I'm wondering if my BlueIris may have been hacked? This is a dedicated Windows machine for BlueIris. These are all RTSP requests between my BlueIris and my camera.

Has anyone seen this?

These two CVE's:

CVE - CVE-2014-4880

CVE - CVE-2013-6933

 

[pozzello]

er, those are both pretty old vulnerabilties. the first does relate to hikvision cams, but only if you let them be accessible from the internet. the second seems related to VLC player's Live555 library. unclear if BI uses a similar library or is (still) vulnerable. could just be someone attempting old exploits no longer a threat, or not a problem when targetted at BI...

 

[reflection]

er, those are both pretty old vulnerabilties. the first does relate to hikvision cams, but only if you let them be accessible from the internet. the second seems related to VLC player's Live555 library. unclear if BI uses a similar library or is (still) vulnerable. could just be someone attempting old exploits no longer a threat, or not a problem when targetted at BI...

I'm not too concerned about these alerts, but I find it interesting that Blue Iris is the source of the Hikvision probes. 192.168.26.20 is the IP address of BI. It's riding over TCP port 554 (RTSP), which happens to be allowed through my firewall. I believe it's a false positive. My network is locked down so all ports are blocked except only what's necessary. The firewall and IDS sits right in front of BI and is dedicated to BI.