NVR continually contacts many Dahua Websites

I use VPN sometimes also. Sometimes I use P2P.
OpenVPN uses a dedicated open port.
I think ZeroTier uses no open ports or something.

I personally don't care if Xi Jinping is looking at my grass growing, I just use P2P.
 
I dare someone to post the datastream of their internet connected TV :rofl:
 
Yeah wasn't LG stealing information and listening in on conversations?

Eufy was posting snapshots on their servers accessible to anyone who went looking after lying that they don't host anything.

I dunno why people are so concerned about the Chinese but if the Americans do it all good.
 
Hackers don't care about your camera feed. Hackers use a vulnerable device (NVR or camera or any other IoT) that has ZERO protection on it to get into your LAN and either scrape it for bank info or use your ISP as a bot for DDoS attacks. Your antivirus software and router firewall do not block this crap because you gave an open door directly to your system to bypass these measures.

That is why many of us don't have the Alexa, don't connect smart TVs to our internet, etc.

But many that do have those types of things VLAN them off so they cannot talk to other stuff on the LAN. Doesn't prevent a bot from taking over that specific device to DDoS, but at least it prevents them from scraping your data.

The only way to completely prevent it is to not allow the device to connect to anything and truly be a CCTV system.

But that is unrealistic to most.

Most here will agree that port forwarding directly to your NVR is the least safe. Although the great internet has many articles that state it is OK lol.

Then there is a debate as to if P2P or OpenVPN or something like ZeroTier is the next safer option.

Arguments are made both ways.

P2P you are relying on the NVR manufacturer's servers to not be hacked. You have zero control over those.

Same with ZeroTier. You are relying on someone else's servers to make that connection. Anytime you are relying on someone else, it can be hacked.

OpenVPN is hosted locally, either native to the router or installed on a computer.

In theory you have the most control over this since it is all in your house.

But it relies on open-source coding that can be hacked as well.

You are relying on your computer and router to be up to date and not allow bad actors in. But that is the same regardless of the solution you are using.

So you take extra steps like the firewall device @bigredfish has that allows you to monitor everything.

Take steps to further minimize access to stuff.

Regardless of which platform you use to access your stuff remotely, have it be isolated from the rest of the system so that the entire system isn't compromised.

Set up procedures that let you know whenever something connects or logs in to your device. Doesn't necessarily prevent the backdoor exploit, but take any steps possible to eliminate those risks.

Or just say F it and use port forward or P2P blindly like most of society. At the end of the day, most don't get hacked. It just sucks if you are one of them that do.
 
Yes, but once the NVR is "hacked" then they need to run nefarious code on the NVR to scrape for bank details, which again is harder than using a phone or PC to run code.
 
Side Note:

On OpenVPN vs WireGuard

I have come to prefer WireGuard as it appears to be a LOT faster and the code gurus tell me it's much more efficient and less vulnerable.

The Firewalla box has both built-in, as do a number of Asus routers.
 
I only allow NTP and Apple push notification connections outbound. Everything else requires me to VPN into the CCTV subnet. Makes me feel better when I'm asleep :)
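
One way to audit the outbound allowlist described in the last post, and to "know whenever something connects" as suggested earlier in the thread. This is an added example, not code from any poster: it flags firewall log entries where a device on the camera subnet reaches a destination outside the allowlist. The subnet, log prefix, allowlist ports and every log line are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed addressing for the camera/NVR VLAN; adjust to your own subnet.
CCTV_NET = ipaddress.ip_network("192.168.50.0/24")
# Egress allowlist: (protocol, destination port, destination network).
# NTP to anywhere; push to Apple's 17.0.0.0/8 block (port is an assumption).
ALLOW = [
    ("UDP", 123, ipaddress.ip_network("0.0.0.0/0")),
    ("TCP", 443, ipaddress.ip_network("17.0.0.0/8")),
]
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample lines in netfilter LOG key=value style (not real traffic).
SAMPLE_LOG = """\
kernel: CCTV IN=vlan50 OUT=eth0 SRC=192.168.50.10 DST=198.51.100.7 PROTO=UDP SPT=123 DPT=123
kernel: CCTV IN=vlan50 OUT=eth0 SRC=192.168.50.10 DST=203.0.113.25 PROTO=TCP SPT=51544 DPT=443
kernel: CCTV IN=vlan50 OUT=eth0 SRC=192.168.50.10 DST=203.0.113.25 PROTO=TCP SPT=51560 DPT=443
kernel: CCTV IN=vlan50 OUT=eth0 SRC=192.168.50.10 DST=17.57.144.10 PROTO=TCP SPT=40112 DPT=443
kernel: CCTV IN=vlan50 OUT=vlan50 SRC=192.168.50.21 DST=192.168.50.10 PROTO=TCP SPT=49822 DPT=554
kernel: CCTV IN=vlan50 OUT=eth0 SRC=192.168.50.21 DST=192.0.2.53 PROTO=UDP SPT=35011 DPT=53
kernel: CCTV IN=vlan50 OUT=eth0 SRC=192.168.50.10 DST=203.0.113.25 PROTO=ICMP TYPE=8 CODE=0
kernel: CCTV IN=vlan50 OUT=eth0 SRC=not-an-ip DST=203.0.113.25 PROTO=TCP SPT=1 DPT=443
"""

def parse(line):
    """Return (src, dst, proto, dport), or None if the line is not a usable record."""
    f = dict(FIELD.findall(line))
    try:
        return (ipaddress.ip_address(f["SRC"]), ipaddress.ip_address(f["DST"]),
                f["PROTO"], int(f.get("DPT", 0)))  # ICMP has no port: use 0
    except (KeyError, ValueError):
        return None

def violations(log_text):
    """Count flows that leave the CCTV subnet and match no allowlist entry."""
    hits = Counter()
    for src, dst, proto, dport in filter(None, map(parse, log_text.splitlines())):
        if src not in CCTV_NET or dst in CCTV_NET:
            continue  # other subnets and camera-to-NVR traffic are out of scope
        if not any(proto == p and dport == port and dst in net
                   for p, port, net in ALLOW):
            hits[(str(src), str(dst), proto, dport)] += 1
    return hits

if __name__ == "__main__":
    for (src, dst, proto, dport), n in violations(SAMPLE_LOG).most_common():
        print(f"{n}x {src} -> {dst} {proto}/{dport}")
```

Repeated hits to the same destination are grouped, so a device that keeps calling home shows up as one high-count row rather than a wall of log lines.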