Q-See Closing Doors Jan 31st 2021 No More Remote Viewing, Options to fix

alexj

alexj

n3wb
Jan 30, 2021
17
7
Atlanta
Hello All,
This post is about to generate 1000's of views. Many people are about to find out their Q-See systems will stop P2P sharing and will not be able to remote view because the vendor is going out of business tomorrow. Q-See has recommended to use remote access via DMZ and enable DHCP. Basically, turning off your router’s firewall and allowing an outside connection directly to your NVR. (directions found on their web site). However, everything I’ve read about it states this could open your network up to hacker attacks. I want to use this as a brain storming area and pick people’s knowledge. (Maybe port forwarding and how to do it). Please reframe from “you shouldn’t have bought Q-See in the first place (Yes Yes I know).

Option 1: Do the DMZ and risk it.

Option 2: So from what I have gather is that many of their systems were made by Dahua and should be easy to buy a Dahua NVR of similar specs and use their software and their web/phone apps to remote view. (Onvif compliant) For the most part plug and go.

Option 3: Buy or build a windows based computer/server for use as a NVR and buy a POE switch and install Blue Iris software to manage it. (most likely the most powerful and best way to achieve best recording) But uses more power than a standalone NVR?

For me I’m running a QC826 16 channel NVR (total record data max of 320MBPS) (4 full resolution channels and the rest up to 1080P) I have 3 different PTZ cameras and many 4K camera’s IP cameras and wireless cameras. Some direct connect and others running through google mesh system. I installed it myself and self-taught through trial and error. I’m looking at two different Dahua NVR models :
(Both 16 channels below)
N42B3P
nvr5216/5232-16p-4ks2e

I guess people will want to know about cost factor. It will depend on what others have already and what they want to do. I’m leaning toward a new/used Dahua NVR ($300 to $600) using the existing two hard drives in my current NVR. But if you have a computer you can convert, Blue Iris may work better.

Just to be clear all Q-see’s NVR's will still keep recording to the NVR and will be unaffected. Just remote viewing will be affected. Sorry for my typo’s just wanted to get this out and going

Alex

 
  • Like
Reactions: tech101 and AliQ
People transitioning from a manufacturer-provided "P2P" connection method will need a different way to connect, but most or all features should still be usable.

I'd start by getting set up with a Dynamic DNS service (DDNS). IPCamTalk has free dynamic DNS available via the TOOLS menu at the top: IPCT DDNS . Then set up a VPN server on your router (if it has such a feature) or on a raspberry pi or other always-on PC. Once you connect to your VPN server, it is like you are on your local home network and you can access the NVR by entering its IP address.

The far more common option is to forward a port because that is easy, but that is what gets you hacked because it exposes your NVR to the entire internet.

How to Secure Your Network (Don't Get Hacked!)

Many camera networks are unsecure, even those installed by professionals. This guide gives basic instruction in how to secure a camera network from the most common types of attacks. Perhaps the most important rule of securing a computer network is to not forward ports to unsecure services...
ipcamtalk.com ipcamtalk.com

Port forwarding to cameras and NVRs is just asking to get hacked. Blue Iris is a bit of a special case because you can keep it up to date a lot easier and any bad security problems are likely to be fixed very quickly after being discovered.
 
Last edited:
  • Like
Reactions: J Sigmo, CCTVCam, TonyR and 5 others
I bought a Dahua NVR5216-16P-4KS2E to replace my QC826 last week from Andy aat Empire tech via amazon. It's the exact same as the QC826. I can even plug the front panel into it if I choose to. My cameras (also mfg by Dahua work perfectly on it, all functions. Currently trying to get the cameras working through Blue Iris (bought here) because I don't like Smart PSS, same as QC View for PC but with alarms I can't get to turn off. Using BI requires me using a POE switch to plug the cameras into for an IP address.
See my other posts.
 
  • Like
Reactions: alexj
alexj said:
Option 1: Do the DMZ and risk it.

Option 2: So from what I have gather is that many of their systems were made by Dahua and should be easy to buy a Dahua NVR of similar specs and use their software and their web/phone apps to remote view. (Onvif compliant) For the most part plug and go.

Option 3: Buy or build a windows based computer/server for use as a NVR and buy a POE switch and install Blue Iris software to manage it. (most likely the most powerful and best way to achieve best recording) But uses more power than a standalone NVR?
Click to expand...
1) The p2p was not secure in the first place.
2) same issue as number 1
3) An efficient i5-6500 system that can be purchased for 120 bux or so will consume about 30-40w under a average load VS 10w or so with an NVR. The difference is negligible.
See the wiki on securing your network and setup a vpn. No need to replace the NVR if you like it.
 
  • Like
Reactions: TonyR, Flintstone61, alexj and 1 other person
Is there a short explanation of how P2P is a security risk, other than the possibility of your video being spied on?
 
  • Like
Reactions: AliQ
tigerwillow1 said:
Is there a short explanation of how P2P is a security risk, other than the possibility of your video being spied on?
Click to expand...
sec-consult.com

Millions Of Xiongmai Video Surveillance Devices Can Be Hacked Via Cloud Feature (Xmeye P2p Cloud)

All devices from Xiongmai, a Chinese OEM who manufactures white-label video surveillance equipment, come with an always-on cloud feature called XMEye P2P cloud. This feature contains serious vulnerabilities that allow attacks on millions of devices, even ones that are behind firewalls
sec-consult.com sec-consult.com
 
  • Like
Reactions: CCTVCam, tigerwillow1, Flintstone61 and 3 others
fenderman said:
sec-consult.com

Millions Of Xiongmai Video Surveillance Devices Can Be Hacked Via Cloud Feature (Xmeye P2p Cloud)

All devices from Xiongmai, a Chinese OEM who manufactures white-label video surveillance equipment, come with an always-on cloud feature called XMEye P2P cloud. This feature contains serious vulnerabilities that allow attacks on millions of devices, even ones that are behind firewalls
sec-consult.com sec-consult.com
Click to expand...
fenderman said:
sec-consult.com

Millions Of Xiongmai Video Surveillance Devices Can Be Hacked Via Cloud Feature (Xmeye P2p Cloud)

All devices from Xiongmai, a Chinese OEM who manufactures white-label video surveillance equipment, come with an always-on cloud feature called XMEye P2P cloud. This feature contains serious vulnerabilities that allow attacks on millions of devices, even ones that are behind firewalls
sec-consult.com sec-consult.com
Click to expand...
This is pretty much black magic to me and would appreciate a bit of handholding. According to the post @tigerwillow1 provided there's a chance that aside from being able to view the cam video hackers could actually get into the network the nvr is attached to. Is port forwarding equivalent to P2P? I don't really care if anyone sees my cams, there's nothing private on them but I would be concerned about the risk of my home network being hacked.
 
bp2008 said:
People transitioning from a manufacturer-provided "P2P" connection method will need a different way to connect, but most or all features should still be usable.

I'd start by getting set up with a Dynamic DNS service (DDNS). IPCamTalk has free dynamic DNS available via the TOOLS menu at the top: IPCT DDNS . Then set up a VPN server on your router (if it has such a feature) or on a raspberry pi or other always-on PC. Once you connect to your VPN server, it is like you are on your local home network and you can access the NVR by entering its IP address.

The far more common option is to forward a port because that is easy, but that is what gets you hacked because it exposes your NVR to the entire internet.

How to Secure Your Network (Don't Get Hacked!)

Many camera networks are unsecure, even those installed by professionals. This guide gives basic instruction in how to secure a camera network from the most common types of attacks. Perhaps the most important rule of securing a computer network is to not forward ports to unsecure services...
ipcamtalk.com ipcamtalk.com

Port forwarding to cameras and NVRs is just asking to get hacked. Blue Iris is a bit of a special case because you can keep it up to date a lot easier and any bad security problems are likely to be fixed very quickly after being discovered.
Click to expand...
Hacked as in having access to see the cams or hacked as in getting access to computers on the network?
 
bp2008 said:
People transitioning from a manufacturer-provided "P2P" connection method will need a different way to connect, but most or all features should still be usable.

I'd start by getting set up with a Dynamic DNS service (DDNS). IPCamTalk has free dynamic DNS available via the TOOLS menu at the top: IPCT DDNS . Then set up a VPN server on your router (if it has such a feature) or on a raspberry pi or other always-on PC. Once you connect to your VPN server, it is like you are on your local home network and you can access the NVR by entering its IP address.

The far more common option is to forward a port because that is easy, but that is what gets you hacked because it exposes your NVR to the entire internet.

How to Secure Your Network (Don't Get Hacked!)

Many camera networks are unsecure, even those installed by professionals. This guide gives basic instruction in how to secure a camera network from the most common types of attacks. Perhaps the most important rule of securing a computer network is to not forward ports to unsecure services...
ipcamtalk.com ipcamtalk.com

Port forwarding to cameras and NVRs is just asking to get hacked. Blue Iris is a bit of a special case because you can keep it up to date a lot easier and any bad security problems are likely to be fixed very quickly after being discovered.
Click to expand...
superuser.com

How safe is port forwarding in general?

Say I have a few ports open for gaming. My questions are Can I be hacked if the attacker knows my specific external IP? Can hacker access my router and setting by getting through these ports? If ...
superuser.com superuser.com
 
  • Like
Reactions: Flintstone61
Nobody cares about your video feed. They are looking for a way into your system to then use it as a Denial of Service (DoS) attack with a bot originating from your IP address and these security cameras are notorious for not having rigorous security protocols (ironic isn't it). DoS attacks are illegal under the Computer Fraud and Abuse Act. Starting a DoS attack against a network without permission is going to cost you up to 10 years in prison and up to a $500,000 fine. Or to get into a computer on your system and steal all your banking info. Either way you are screwed. This can be greatly reduced by not using P2P or port forwarding.

Think they catch the hacker that got in to your system halfway around the world or will they look at you....even if you can prove it wasn't you, there is a lot of explaining and red tape and who knows what else. Internet provider may ban you as well.

Check out this test a member did:

Hikvision Honeypot Hackathon

We get quite a lot of posts about port forwarding - and quite a lot of good advice in response about the risks, and pointers to more secure remote access methods. And we still get posts related to the Hikvision backdoor vulnerability, where camera passwords are mysteriously lost, or cameras...
ipcamtalk.com ipcamtalk.com
 
  • Like
Reactions: mat200 and Flintstone61
Sounds scary but I haven't heard of individuals punished for having their equipment highjacked for dosConsidering the sheer number of people who don't even change passwords on the factory setup there should be plenty of easily accessible hardware out there to hack. Thanks for the wireshark information, it sounds useful in the era where even cybersecurity firms get hacked..solarwinds or something like that?
 
alexj said:
Hello All,
This post is about to generate 1000's of views. Many people are about to find out their Q-See systems will stop P2P sharing and will not be able to remote view because the vendor is going out of business tomorrow. Q-See has recommended to use remote access via DMZ and enable DHCP. Basically, turning off your router’s firewall and allowing an outside connection directly to your NVR. (directions found on their web site). However, everything I’ve read about it states this could open your network up to hacker attacks. I want to use this as a brain storming area and pick people’s knowledge. (Maybe port forwarding and how to do it). Please reframe from “you shouldn’t have bought Q-See in the first place (Yes Yes I know).

Option 1: Do the DMZ and risk it.

Option 2: So from what I have gather is that many of their systems were made by Dahua and should be easy to buy a Dahua NVR of similar specs and use their software and their web/phone apps to remote view. (Onvif compliant) For the most part plug and go.

Option 3: Buy or build a windows based computer/server for use as a NVR and buy a POE switch and install Blue Iris software to manage it. (most likely the most powerful and best way to achieve best recording) But uses more power than a standalone NVR?

For me I’m running a QC826 16 channel NVR (total record data max of 320MBPS) (4 full resolution channels and the rest up to 1080P) I have 3 different PTZ cameras and many 4K camera’s IP cameras and wireless cameras. Some direct connect and others running through google mesh system. I installed it myself and self-taught through trial and error. I’m looking at two different Dahua NVR models :
(Both 16 channels below)
N42B3P
nvr5216/5232-16p-4ks2e

I guess people will want to know about cost factor. It will depend on what others have already and what they want to do. I’m leaning toward a new/used Dahua NVR ($300 to $600) using the existing two hard drives in my current NVR. But if you have a computer you can convert, Blue Iris may work better.

Just to be clear all Q-see’s NVR's will still keep recording to the NVR and will be unaffected. Just remote viewing will be affected. Sorry for my typo’s just wanted to get this out and going

Alex

Click to expand...
scenario: 1 old q-see system using dvr and dumb cams, still accessible remotely without port forwarding, 1 newer q-see system using Nvr and ip cams not accessible (haven't tried port forwarding yet)
 
  • Like
Reactions: bhagwan11
It appears Q-See finally shut down their servers for P2P sharing. I just wanted to share what James Layer posted on the Q-See face book page. It will allow the apps to work only when connected to your home network. I'm researching more about what was mention above about doing a DNS service and then setting up a VPN to access for remote viewing. But here is a short term to view while on your home network not away.

James says: I was able to set up the QTview app on my computer to view cameras now that Qsee no longer supports the app viewing away from home. As long as you are home and on the same network as the NVR or DVR this should work. First, you will need to go into settings and find the IP address of your NVR or DVR. Once you have the IP address, go to Control Panel within the QTview app. Click on Device. Click on Add Device. click add, edit or Delete Device. Click on Add Device. At bottom part of screen where it says Start IP Address, enter the IP address of your NVR or DVR you located earlier. Then enter the admin password of your system and click apply. This worked for me.
NOW, if you want to get the app to work on your iPhone or IPad, open the QTview app. Tap on the three lines at top left hand corner of the app.Tap on Server List. Tap on the + symbol, top right hand corner of the app. Here you will enter your IP address of your NVR or DVR, where it says nickname, just type in whatever you want to call your camera system. At user, enter the user name for your system, could be admin or something else if you changed it. At password, enter the password of your system. Unless you changed it from the default, the default password should be 123456 then tap on Save. You should now be able to view your cameras on your home wi-if network through your phone or iPad.

This also works for the QC-View App: In the device manager it is the top right + sign to add and click camera. then wired devices then IP/Domain. Put your NVR's IP address and password and give it a name as well.
 
  • Like
Reactions: mat200
You don't have to use any Q-See apps. There are a bunch out there. I'm currently using Smart PSS, Blue Iris & DMSS at the moment. All of which allows me to remote view my Q-See cameras. And my secondary Q-See NVR while on my network. I replaced one of my NVR's with a Dahua for remote viewing but still have another Q-See NVR that I use to record secondary cameras with that I don't need to watch.
 
  • Like
Reactions: alexj
avspin said:
You don't have to use any Q-See apps. There are a bunch out there. I'm currently using Smart PSS, Blue Iris & DMSS at the moment. All of which allows me to remote view my Q-See cameras. And my secondary Q-See NVR while on my network. I replaced one of my NVR's with a Dahua for remote viewing but still have another Q-See NVR that I use to record secondary cameras with that I don't need to watch.
Click to expand...
Hi,
Does DMSS work if I scan barcode or put in SN? I tried but no luck
Thanks
 
No. You need the IP address and password of the NVR. Press the plus in the upper right, the IP and then add a NVR.
Use the config tool to find the IP. The default is 192.168.1.108 unless that port was in use on your system.
Download a config tool here: DahuaWiki
 
Yes it works as I connect via IP address and only in home network. I cant see when I’m outside of the house. Is there any other ways to view remotely? Or I need to replace the whole system? So frustrated.
Thank you for answering.
 
If you are using a Q-See NVR you cannot see it outside your network. You need to replace with a Dahua since they would be the manufacturer of the Q-See. I had a QC826 and found the exact Dahua model.
Unless someone smarter than me (which wouldn't be too hard) found a way to install the Dahua firmware on a Q-See NVR.
 
You must log in or register to reply here.
Top Bottom