Suspicious login

[NVR]

So out of nowhere I see my NVR rebooting, I go in to check the log and there was a successful login just prior to the reboot under user name admin from 30.204.95.xxx

I look it up and came back as a DOD IP and then it was followed by another login after the reboot but now as a superadmin.

Also my local login did not make it to the log in between.

Your thoughts aside from moving?

 

[fenderman]

Just turn yourself in.
Here is someone who had the same issue https://www.reddit.com/r/privacy/comments/2m42ig/remote_login_from_dod_ip_into_my_hikvision_nvr/

 

[NVR]

Well great news, it is my ivms logins from my mobile provider, huge shout out to Tmobile and each one of our family plan phones gets a unique dod iP.

Not sure whos superadmin though or why NVR reboots in between these.

Your still coming over for Thanksgiving? loll

 

[khx73]

If I connect to mine from mobile, the NVR reports a strange unrelated IP address instead of my actual public mobile IP. I'm still thinking it's some glitch happening to connections coming in through NAT... because it reports the proper IP on LAN connections every time. We got talking about it a bit in this thread.

 

[NVR]

Its a glitch alright.

 

[Travieso]

What would be nice if we could assign static IP's or MAC Address (I know you could spoof a MAC address) to only remote connect to the NVR or Somehow how put them ON trusted Device. So we could only allow Those specific Devices with the MAC Address Connect

 

[NVR]

Appears that everyone will see a different ip in their NVR log then their real ip presented by an ip look up service. I'm guessing that the phone company is using these different ips either for certain ports and in the process the ip is accidentally revealed for those services. Also possible during a hop it stops at the strange ip for certain services while http will get the final real ip, either way everything must filter through the strange ip.