My BlueIris hacked?

reflection

Getting comfortable
Joined
Jan 28, 2020
Messages
348
Reaction score
261
Location
Virginia
So I noticed these alerts on my IDS this afternoon. This has not happened before so I'm wondering if my BlueIris may have been hacked? This is a dedicated Windows machine for BlueIris. These are all RTSP requests between my BlueIris and my camera.

Has anyone seen this?

These two CVE's:


Screen Shot 2020-05-18 at 3.17.35 PM.png
 

pozzello

Known around here
Joined
Oct 7, 2015
Messages
2,270
Reaction score
1,117
er, those are both pretty old vulnerabilties. the first does relate to hikvision cams, but only if you let them be accessible from the internet. the second seems related to VLC player's Live555 library. unclear if BI uses a similar library or is (still) vulnerable. could just be someone attempting old exploits no longer a threat, or not a problem when targetted at BI...
 

reflection

Getting comfortable
Joined
Jan 28, 2020
Messages
348
Reaction score
261
Location
Virginia
er, those are both pretty old vulnerabilties. the first does relate to hikvision cams, but only if you let them be accessible from the internet. the second seems related to VLC player's Live555 library. unclear if BI uses a similar library or is (still) vulnerable. could just be someone attempting old exploits no longer a threat, or not a problem when targetted at BI...
I'm not too concerned about these alerts, but I find it interesting that Blue Iris is the source of the Hikvision probes. 192.168.26.20 is the IP address of BI. It's riding over TCP port 554 (RTSP), which happens to be allowed through my firewall. I believe it's a false positive. My network is locked down so all ports are blocked except only what's necessary. The firewall and IDS sits right in front of BI and is dedicated to BI.

Screen Shot 2020-05-27 at 10.24.11 AM.png
 
Top