Nmap port questions

[Pilot04]

After seeing several mentions of using nmap on this forum, I installed nmap on my pi3 and used it to scan a couple IPCs I have installed so far and see the results below. Anything that stands out with their currently open ports? I've disabled upnp on all cameras and in router along with setting up VPN for remote viewing. I would've guessed that all Dahua and Amcrest would have same ports open but the 5231R-ZE had 3800 pwgpsi and 49152 unknown missing compared to 4431C-A-V2. Also, what is the port 22 filtered ssh for the Annke/hik cube as I didn't see any options to even disable ssh in their web ui.

Dahua HDW4431C-A-V2
PORT STATE SERVICE
80/tcp open http
554/tcp open rtsp
3800/tcp open pwgpsi
5000/tcp open upnp
49152/tcp open unknown

Dahua HDW5231R-ZE
PORT STATE SERVICE
80/tcp open http
554/tcp open rtsp
5000/tcp open upnp

Annke cube(flashed to Hikvision FW)
PORT STATE SERVICE
22/tcp filtered ssh
80/tcp open http
554/tcp open rtsp
8000/tcp open http-alt

Amcrest 1080p
PORT STATE SERVICE
80/tcp open http
554/tcp open rtsp
3800/tcp open pwgpsi
5000/tcp open upnp
49152/tcp open unknown

 

[alastairstevenson]

what is the port 22 filtered ssh for the Annke/hik cube as I didn't see any options to even disable ssh in their web ui.

It means that dropbear (the SSH server) is running, but the IPtables filter is dropping the packets forwarded to that port.
You can enable SSH using the Hikvision Batch Configuration Tool.

 

[Pilot04]

It means that dropbear (the SSH server) is running, but the IPtables filter is dropping the packets forwarded to that port.
You can enable SSH using the Hikvision Batch Configuration Tool.

Thanks for info on the tool. I downloaded it from Hikvision but still couldn't find SSH. Anyway, I'm fine with it dropping SSH packets to port 22 as I don't need it enabled at this time.

 

[mat200]

Thanks for info on the tool. I downloaded it from Hikvision but still couldn't find SSH. Anyway, I'm fine with it dropping SSH packets to port 22 as I don't need it enabled at this time.

Hi Pilot04,

Still wondering what else is happening on some of those ports... so far I have not found much info on some of them, have you seen more on this yet?

 

[Pilot04]

Hi Pilot04,

Still wondering what else is happening on some of those ports... so far I have not found much info on some of them, have you seen more on this yet?

No, I haven't found much out there. I would've thought all Dahua and rebrands would behave the same but looks like HDW5231R-ZE is the only one in my possession that has the lowest open ports of 3 compared to 5 open ports on it's peers. I disabled upnp on all cameras and all still have port 5000 as open status which is weird. Don't even have a clue on what the unknown 49152 port is associated with. Maybe I should remove the gateway entry on all of these cameras as well....

I'm looking to use the idmss app for push notification to my phone so hope it can talk to the NVR and not require access to individual cameras if I try to lock down the cameras too much. Still need to research setting up push notifications for Dahua NVR.

 

[Mike A.]

From someone else's dump of a Dahua boot log:

Start Upnp Mini Server success! listen port: 49152

Looks to be used as a control port for UPnP.

 

[Pilot04]

From someone else's dump of a Dahua boot log:



Looks to be used as a control port for UPnP.

Thanks for that information. I guess there is no permanent way to disable upnp on 4431C-A and Amcrest dahua rebrands if upnp is still open on port 5000 and 49152. Would there be a way to make it filtered status like port 22 on the hikvision nmap output?

 

[mat200]

@CPO do you have the ability to do an nmap scan on the Lorex camera? ( you would need to connect a laptop to the lorex NVR ) I am curious what ports Lorex has open on their cameras, as @Pilot04 found some variations in the Dahua OEM cameras. ( Dahua China market camera, Dahua OEM international mode, Amcrest rebrand of Dahua )

 

[CPO]

I can try that!

@CPO do you have the ability to do an nmap scan on the Lorex camera? ( you would need to connect a laptop to the lorex NVR ) I am curious what ports Lorex has open on their cameras, as @Pilot04 found some variations in the Dahua OEM cameras. ( Dahua China market camera, Dahua OEM international mode, Amcrest rebrand of Dahua )

 

[Pilot04]

My Dahua HDW4631C-A
PORT STATE SERVICE
80/tcp open http
554/tcp open rtsp
3800/tcp open pwgpsi
5000/tcp open upnp

 

[Pilot04]

My Hikvision (RCA rebrand) Wi-fi Video Doorbell
PORT STATE SERVICE
80/tcp open http
443/tcp open https
554/tcp open rtsp
8000/tcp open http-alt
9010/tcp open sdr
49152/tcp open unknown