PFBlocker for PFSense

Sparkey
Apr 3, 2015
Keeps the Chinese from trying to hack into Blue Iris. I've had zero attempts from China since I installed it. All my cams are on an internal subnet and not accessible from the Internet. Hopefully I am safe.
 
Well, I think you could think of it this way instead: if you have cameras (non-official, I guess) and you haven't checked these in depth, they are in the same zone as your Blue Iris server, so even with protection on the WAN edge and DNS, I would not be so sure that you are so secure :)

Always best to have cameras on a separate VLAN, especially when they are usually also outside.

However, pfBlocker and Suricata are really good to have on the FW, of course.

PS. If it is necessary to have it on the same VLAN, do a full drop in the FW for the cameras' IP range (if no local NTP, I guess NTP to a specific source is OK).
 
How do you see the Chinese trying to hack your cams on BI? If there are no login attempts in BI Status - Connections, is there a different location?
 
Cameras are on their own subnet. Login attempts are for BI. BI and the server it runs on are protected by uncrackable passwords.

Yes. What do the login attempts on BI Status - Connections look like? I am just curious. I didn't think it could be accessed.
 
But then I don't understand what value pfBlocker adds if the attempts are for BI from the WAN and you haven't published it externally?

pfBlocker should not be used on the WAN interface in general if no public services are published. So if you have a VPN, you can add a pfBlocker rule for only that port, so to speak.

So yeah, I'm also curious now what's going on :)
 
No one has gained access but I'm still concerned and prefer that people in China, Russia and whatever other country I choose to block do not get past my router. Simple as that.

My BI server has 2 network interfaces. One for the cams (192.168.5.xx) and the other for the Internet (192.168.1.xx).

PFBlocker does the job.
 
Nice. What are you using to run it? I am trying to find a little computer that might do the job. So do you use VLANs or just 2 network cards?
 
@Sparkey, sounds like you have open ports? Port forwarding is generally a bad idea. Any particular reason?

Most of us set up OpenVPN for remote access and do not expose any ports.
 
That would clear up some confusion. With open ports I did see odd connections. With Asus/OpenVPN it seems much better.
 
Not sure it adds much safety, although it's better than default. If you block by IP, what about the Chinese hacker who detects the camera and uses a proxy service, e.g. a server based in the US, to circumvent IP-based geolocation restrictions?

Best way is to make sure your camera is not visible or accessible to the wider internet, either directly or by exploit / back door. That way, there's nothing to go after. Certain OSINT tools will soon find your cameras' IPs and sub-addresses if they are visible to the internet, even if popular search engines show no results.
 
Most connection attempts are from bots randomly scanning ports. If you set up a honeypot on a server that captures IPs, you'd literally see hundreds of connection attempts a day. Some open ports get more than others, and no port is exempt.
 
you'd literally see hundreds of connection attempts a day

I average 2300 per HOUR, with peaks of over 4000 per HOUR, between firewall port scans and WiFi ASSOC scans, both of which I log to a syslogd server.

So YEAH, wild west out there on the interwebs.
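Added example (not from anyone in this thread): a small script that reads pfSense filterlog lines as they arrive on a syslog server and counts blocked inbound attempts per hour, plus the noisiest sources and ports, which is how you would put numbers on the rates quoted above. The CSV field order follows pfSense's filterlog layout as I understand it (an assumption), and the sample lines are constructed with documentation address ranges.

```python
import re
from collections import Counter

# Constructed sample syslog lines in pfSense filterlog CSV layout (assumption:
# rule,sub,anchor,tracker,iface,reason,action,dir,ipver,tos,ecn,ttl,id,off,flags,
# proto-id,proto,len,src,dst,sport,dport,...). Addresses are RFC 5737 test ranges.
SAMPLE_LOG = """\
Apr  3 10:01:12 fw filterlog[5010]: 5,,,1000000103,igb0,match,block,in,4,0x0,,53,0,0,DF,6,tcp,60,203.0.113.5,198.51.100.10,44321,22,0,S,
Apr  3 10:07:40 fw filterlog[5010]: 5,,,1000000103,igb0,match,block,in,4,0x0,,55,0,0,DF,6,tcp,60,203.0.113.5,198.51.100.10,44322,3389,0,S,
Apr  3 10:45:03 fw filterlog[5010]: 5,,,1000000103,igb0,match,block,in,4,0x0,,50,0,0,DF,6,tcp,60,192.0.2.77,198.51.100.10,51000,81,0,S,
Apr  3 11:02:19 fw filterlog[5010]: 5,,,1000000103,igb0,match,block,in,4,0x0,,50,0,0,DF,6,tcp,60,192.0.2.77,198.51.100.10,51001,81,0,S,
Apr  3 11:02:20 fw filterlog[5010]: 7,,,1000000105,igb0,match,pass,in,4,0x0,,64,0,0,DF,17,udp,120,198.51.100.20,198.51.100.10,1194,1194,100
Apr  3 11:30:00 fw filterlog[5010]: 9,,,1000000110,igb1,match,block,out,4,0x0,,64,0,0,DF,17,udp,76,192.168.5.12,203.0.113.200,40000,123,56
"""

# Syslog prefix: "Mon DD HH:MM:SS host filterlog[pid]: <csv>"
LINE_RE = re.compile(r"^(\w{3})\s+(\d+)\s+(\d\d):\d\d:\d\d\s+\S+\s+filterlog\[\d+\]:\s+(.*)$")


def parse_blocked_inbound(text):
    """Yield (hour_key, src_ip, dst_port, proto) for blocked, inbound IPv4 events only."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a filterlog line (e.g. other daemons on the same syslog)
        mon, day, hour, csv = m.groups()
        f = csv.split(",")
        # Skip passes, outbound traffic and IPv6 (whose field layout differs).
        if len(f) < 22 or f[6] != "block" or f[7] != "in" or f[8] != "4":
            continue
        yield f"{mon} {int(day):02d} {hour}:00", f[18], f[21], f[16]


def summarize(text):
    """Return per-hour counts, top sources/ports and the peak hourly rate."""
    per_hour, per_src, per_port = Counter(), Counter(), Counter()
    for hour, src, port, proto in parse_blocked_inbound(text):
        per_hour[hour] += 1
        per_src[src] += 1
        per_port[f"{port}/{proto}"] += 1
    return {"per_hour": dict(per_hour), "top_sources": per_src.most_common(3),
            "top_ports": per_port.most_common(3), "peak_hour": max(per_hour.values(), default=0)}


if __name__ == "__main__":
    for k, v in summarize(SAMPLE_LOG).items():
        print(f"{k}: {v}")
```

Point the script at the syslog file your firewall ships to and the peak_hour figure is the number to compare against the "4000 per HOUR" above; only blocked inbound IPv4 is counted, so allowed VPN traffic and outbound camera NTP do not inflate it.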