Network security questions

J

JPmedia

Getting comfortable
Sep 11, 2024
834
692
Southeast
I changed my LAN IP address range a few days ago from 192.169.X.XXX to 192.168.X.XXX on advice from more experienced users on the board due to odd issues with my security cams.

Yesterday I noticed changes to the settings of one of my LPR cams and this morning, I woke up to one of my backyard cams being offline with "Invalid username or password" displayed on that channel. A check of the recording timeline shows it went offline at 4:33 AM. I reconnected it at 5:42am and it was back to normal.

I've been checking firewall settings, EST security settings and did a scan of IP addresses from the Advanced IP scanner

The scanner turned up 7 active IP addresses from the previous IP range 192.169.X.XXX that have no mac addresses. I can ping them and get a response, but the connection times out if I enter the IP address in a browser. These IP addresses NEVER showed up in the past with scan, so it makes me wonder what changed.

I have attached screenshots of the scan results and a trace of one of the addresses. A trace on any of those 192.169.X.XXX addresses reveals the same results
 

Attachments

  • IPscan2.jpg
    IPscan2.jpg
    116.3 KB · Views: 0
  • Tracert1.jpg
    Tracert1.jpg
    100.1 KB · Views: 0
A little whatis/whois search shows that all of the domains in the trace are parts of AT&T which is our internet provider. I just wonder why they show up now and not in previous searches?
 
#1 you need to check your router, and maybe have someone with networking experience look at it.

Make 100% sure you are not port forwarding and do not have UpNp enabled.

Your NVR is a PoE model?, if so are ALL cameras plugged into this and have 10.1.1.X addresses?

Any stray wifi or other cams or devices on the old 192.169 range?

Your router should be allocating one DHCP pool in the 192.168.1.X range for your LAN devices
Is the ATT Arris provided by your internet provider your sole and only modem/router combo?

* Note I hate combo Modem/routers. I demand my provider give me a modem I can set in pass through mode, with admin rights, and buy my own router to manage my network.
 
+1 above.

ISP supplied combo modem/routers are evil.

The benefit to having your own router is control of your bandwidth. Some ISPs tout their far reaching wifi hotspots as a selling point to use their mobile service.

When using an ISP issued router, they can use it as a hotspot for their other customers without your approval or knowledge, which depending on that persons use, could slow down your internet speeds.

Maybe those unknown IPs are their customers connecting to your system.

Don't believe me, turn on to allow you to connect to an ISP hotspot and walk around your neighborhood and see if you find which neighbors are providing that without them knowing it LOL.

Or go to your ISP and see if they have a map showing the wifi hotspots that are clearly at a residential house:

1750981252273.png
 
  • Like
Reactions: bigredfish
bigredfish said:
#1 you need to check your router, and maybe have someone with networking experience look at it.
Click to expand...
I checked and did not see anything that would raise a red flag, then again, my IT experience is limited

bigredfish said:
Make 100% sure you are not port forwarding and do not have UpNp enabled.
Click to expand...
I could not find a selection for these functions anywhere in the settings. Maybe I'm missing it

bigredfish said:
Your NVR is a PoE model?, if so are ALL cameras plugged into this and have 10.1.1.X addresses?
Click to expand...
Yes

bigredfish said:
Any stray wifi or other cams or devices on the old 192.169 range?
Click to expand...
Not that I am aware of

bigredfish said:
Your router should be allocating one DHCP pool in the 192.168.1.X range for your LAN devices
Is the ATT Arris provided by your internet provider your sole and only modem/router combo?
Click to expand...
It only shows one range of IP addresses for DHCP 192.168.X.XXX. ATT is our internet provider, and we have an Arris BGW210-700 modem/router
 
Our neighbor also has ATT. This is the Nosey guy from the other thread. The same one that walked all the way across the street to look at the camera I just installed facing the cul-de-sac.

He and the neighbor next to him had a feud going on for years and the neighbor moved in 2020. I'm talking cameras pointed at each other Wi-Fi attacks, you name it. I'm not saying he's the one causing all this, but he certainly has the experience and know how.

Now that I think of it, these issues with odd behavior started soon after I installed that camera .... hmmmm
 
I need to figure out how to temporarily disable Wi-Fi on the Arris to confirm if it is coming from there. I certainly believe it could be.
 
All those 192.169.2.XXX addresses have no mac addresses, I don't believe they are hardware, I think they are IP addresses assigned to virtual machines.

It has to be someone who is able to see changes made to my LAN/devices on a real-time basis, because I make a change (password, IP, etc.) and soon after the shenanigans continue
 
You will continue to have problems of various kinds as long as you rely on that single box for your modem and router.

Its been a while since I was in one at my buddies house, but there are menus under ?Firewall

Wifi itself isnt really the biggest problem. Finding out why those 192.169 addresses are inside your network would be my first concern
 
You must log in or register to reply here.
Top Bottom