Potential vulnerability in NVR

wittaj said:
They have probably got in via the backdoor and that is why they logins look to be local.

We had someone here about 6 months ago with a similar issue with a Hikvision NVR and they thought they were being attempted to be hacked by someone within their house that they didn't give access to. It ended up being a backdoor vulernability.
Click to expand...

I am after finding this backdoor so that I can fix it with perimeter security if the code itself is vulnerable- any info would be of help
Click to expand...
 
wittaj said:
OK, so unless you are VPNing back into your system, you either scanned a QR code or typed in the serial number or forwarded a port, thus putting your device on the internet and making it vulnerable to one of the many backdoor exploits that seem to always pop up OR thru someone/bot trying to guess the password...

Edit - you respond within the grey areas of replies, but you mentioned you have P2P on - that is how this is happening...
Click to expand...

Is there any alternative to P2P to securely connect to NVR remotely to live stream the videos or video clips when a (physical) intruder or trip wire alarms is triggered, Using a VPN will allow to connect to the NVR itself, I believe the mobile app connects to vendor's cloud and video are stream through it

NVR-->Live stream pushed to (Cloud provider) <------------ mobile app connect to this cloud (using P2P) for live stream
Click to expand...
 
funtoosko said:
Is there any alternative to P2P to securely connect to NVR remotely to live stream the videos or video clips when a (physical) intruder or trip wire alarms is triggered, Using a VPN will allow to connect to the NVR itself, I believe the mobile app connects to vendor's cloud and video are stream through it

NVR-->Live stream pushed to (Cloud provider) <------------ mobile app connect to this cloud (using P2P) for live stream
Click to expand...

Several members already provided alternatives to P2P in their replies to this thread.

Potential vulnerability in NVR

Hi, New to this forum, I own a Dahua DHI-NVR5216-16P-4KS2E [V4.001.0000006.0, Build Date: 2021-02-08 ]and recently noted a long beep from the system, never heard such beep before, looked at the system log and noticed 5 failed login attempts and again after few minutes heard same long beep and...
ipcamtalk.com ipcamtalk.com
 
  • Like
Reactions: JDreaming, looney2ns and bigredfish
There has been another attempt to break-in to my NVR again ;(. Though I have locked down most of the ports on the router/firewall

P2P, uPnP - disabled on NVR & Firewall no port forwarding

On Firewall
All inbound traffic to NVR Management (Private IP) interface BLOCKED

Only below inbound traffic to NVR Management interface is allowed on firewall

8800:8803/UDP
3702/UDP

Outbound traffic from LAN->WAN

ALL UDP Ports
TCP/8888 - for Mobile Push notification
TCP/37777/37778 - Assuming this will enable viewing the short video clip when a mobile push notification is triggered from AI Alarms.

Not sure how they are still able to connect to my NVR ? and attempt authentication ( though they are failing) , this time they have changed their tactics to limit there repeated attempt to avoid triggering alarm (long beep)

No constructive response from local partner or Dauha cyber security team yet!

Any thoughts ?
 
I think he was asking about these from your post above:

Only below inbound traffic to NVR Management interface is allowed on firewall

8800:8803/UDP
3702/UDP
Click to expand...

Why open and have you tried blocking those?
 
Mike A. said:
I think he was asking about these from your post above:



Why open and have you tried blocking those?
Click to expand...

Believing that ports are used by mobile application DMSS to enable viewing the camera feed remotely, anyway was not able to watch live camera feed. however have disabled that firewall rule as well after noticing recent break-in attempt.
 
@funtoosko, block all incoming ports to your cameras and NVR. For the DMSS notifications to appear, I have outgoing ports 8888 and 2195 open along with outgoing port 587 for email. So if you want these notifications and email, open only those ports outgoing. They are the only ones that pass traffic out according to my syslog server when notifications and email are generated by the NVR and cameras. To access the management of the NVR, or to view the live stream from your home, set up a VPN in your router or use a raspberry Pi (www.pivpn.io) or use Zero Tier on an always-on computer to access the NVR from outside your home. The notification will come to your phone - if you are outside your home, you then turn on the VPN on your phone and you can then access DMSS to view. Alternatively you can view the snapshot photo that may have been sent with the email but you don't need VPN for that.

I have my NVR and cameras setup as above and have had no intrusions. Double check that P2P is disabled on your cameras and NVR. Change your password on your NVR and cameras.

I am also confused by what you have written regarding whether you have ports opened or not. It seems you have ports opened??

I would start by blocking ALL ports to NVR and cameras and changing the NVR and camera password and see what happens over the 24 hours. Double check that P2P is OFF and that it remains off after your reboot the cameras and NVR. If you want, you can also check if there is a firmware update for your NVR.
 
  • Like
Reactions: sdkid, JDreaming and looney2ns
You must log in or register to reply here.
Top Bottom