Unknown Camera Connections.

ljw2k

I have looked in my LOGS and see a few unknown connections. Should I be worried?

 
Joined
Dec 30, 2016
Messages
807
Reaction score
622
Location
Somewhere in the space/time continuum
Looks like you are being "probed". Check this link out on 110.249.212.46 and what possibly may be going on. Keep in mind, a lot of these reports are from people that have no clue what is going on, but in general the info is informative.

The connections shown in the log are for all purposes no time, so to me they look like probes and whoever/whatever it is are not actually connecting. I would block any IPs from China as a general rule. FWIW.
 

ljw2k

My BI PC is my main PC I use for surfing etc so it has to be connected to the internet, not sure if or what I can do to stop this.
 

catcamstar

> My BI PC is my main PC I use for surfing etc so it has to be connected to the internet, not sure if or what I can do to stop this.

You misunderstood @alastairstevenson's post: surfing TO the internet (outbound) connections are different from the internet surfing TO your BI pc (inbound).

Now, as a general rule, I wouldn't dare to surf on a pc with a crucial role like video surveillance. If you'll get, even unintentionally, some garbage through a pop-up, sideload script, or any nasty shizzle, you might be up for a re-installation of your Windows and all peripheral software and connections. You might even lose some footage. Not to mention the time your video surveillance is down. Treat your BI pc as an appliance (like you would treat a classical NVR).

Back to your main question:
  • look in your ROUTER and look at (unwanted) port forwards. Do you have them? Immediately delete those
  • look in your ROUTER and enable all (especially) inbound firewall rules. Only allow known outbound connections (eg NTP).
  • look at UPNP configuration. If enabled: immediately disable it.

And if you wouldn't have yet done it: implement OpenVPN service and connect to your BI pc through that. Isolate your BI pc and DO NOT USE IT FOR DAY TO DAY OPERATIONS.

Then, that connections list in #1 should remain "clean" and safe from unwanted connections. If you still have them, I would reinstall that BI pc to remove all garbage on it.

Good luck!
CC
 

alastairstevenson

Staff member
> My BI PC is my main PC I use for surfing etc so it has to be connected to the internet, not sure if or what I can do to stop this.

As @catcamstar squeezed in before me ...
Those are inbound connections.
Your LAN router / firewall would have to be allowing external connections, which it won't do unless explicitly configured to do so.
Just surfing the internet (outbound) would not do that.

It would be worth testing what inbound access exists.
An easy way to do that is to use a security check such as the ShieldsUp! one here :
Use the full port scan (not the UPnP check), and see what it tells you.
 

ljw2k

Done the above and cleaned the connection list, will keep an eye on it from now to see if any returns.

Thanks for the heads up.

THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!
(That's good news!)
 

alastairstevenson

Staff member
> Done the above and cleaned the connection list, will keep an eye on it from now to see if any returns.

I'm sorry but I do not know what you mean.
I don't think you are saying what the suggested ShieldsUp! full port scan showed.

I did suggest:

> Use the full port scan (not the UPnP check),

Forget the UPnP checks, run the full port scan.
 

ljw2k

Hi Alastair. I mean I have cleared the logs in BI for the connections to see if any come back, now I have reset the router back to factory and disabled what you stated and made sure nothing was port forwarded in the router.
Here is the text result from a full port scan:

GRC Port Authority Report created on UTC: 2020-03-02 at 21:43:42
Results from scan of ports: 0-1055
0 Ports Open
5 Ports Closed
1051 Ports Stealth
---------------------
1056 Ports Tested

NO PORTS were found to be OPEN.

Ports found to be CLOSED were: 135, 137, 138, 139, 445

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED
- NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.
 

alastairstevenson

Staff member
> Ports found to be CLOSED were: 135, 137, 138, 139, 445

That's indicative of a Windows PC.
All ports should show as stealth.

> I have reset the router back to factory and disabled what you stated and made sure nothing was port forwarded in the router.

Did you do this before or after the port scan?
If before - the evidence of the original problem has been erased.
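
An added example, not part of any post in this thread and not GRC's own code: a small Python parser for the Port Authority text report pasted above, which lists every port that is not stealth, notes the ping reply, and checks that the counters add up (a truncated paste will not). The wording of an OPEN-ports line and the service names attached to each port are assumptions that do not come from the report itself.

```python
import re

# Report text as pasted in the thread above (line breaks lost in the paste).
REPORT = (
    "GRC Port Authority Report created on UTC: 2020-03-02 at 21:43:42\n"
    "Results from scan of ports: 0-1055\n"
    "0 Ports Open\n5 Ports Closed\n1051 Ports Stealth ---------------------\n"
    "1056 Ports Tested NO PORTS were found to be OPEN.\n"
    "Ports found to be CLOSED were: 135, 137, 138, 139, 445 Other than what is "
    "listed above, all ports are STEALTH. TruStealth: FAILED - NOT all tested "
    "ports were STEALTH, - NO unsolicited packets were received, - A PING REPLY "
    "(ICMP Echo) WAS RECEIVED."
)

# Well-known Windows service ports (general knowledge, not from the report).
WINDOWS_PORTS = {135: "RPC endpoint mapper", 137: "NetBIOS name service",
                 138: "NetBIOS datagram", 139: "NetBIOS session", 445: "SMB"}


def port_list(text, state):
    """Ports after 'Ports found to be <STATE> were:' (OPEN wording is assumed)."""
    m = re.search(rf"Ports found to be {state} were:\s*([\d,\s]+)", text)
    return [int(p) for p in re.findall(r"\d+", m.group(1))] if m else []


def count(text, label):
    """Summary counter such as '5 Ports Closed'; None when the line is missing."""
    m = re.search(rf"(\d+)\s+Ports\s+{label}\b", text)
    return int(m.group(1)) if m else None


def review(text):
    """Turn a Port Authority text report into findings worth acting on."""
    open_, closed = port_list(text, "OPEN"), port_list(text, "CLOSED")
    counts = {k: count(text, k) for k in ("Open", "Closed", "Stealth", "Tested")}
    verdict = re.search(r"TruStealth:\s*(\w+)", text)
    findings = [f"port {p} OPEN: reachable from the internet" for p in open_]
    findings += [f"port {p} CLOSED, not stealth ({WINDOWS_PORTS.get(p, 'unknown')})"
                 for p in closed]
    if re.search(r"\bA PING REPLY\b", text, re.I):
        findings.append("WAN address answers ICMP echo")
    parts = (counts["Open"], counts["Closed"], counts["Stealth"])
    return {
        "open": open_, "closed": closed, "counts": counts,
        "trustealth": verdict.group(1) if verdict else None,
        # Sanity check: a truncated paste will not add up to 'Ports Tested'.
        "complete": None not in parts and sum(parts) == counts["Tested"],
        "findings": findings,
    }
```

Calling `review(REPORT)["findings"]` gives one line per closed port plus the ICMP echo note; running it on reports saved before and after a router change shows what the change actually altered.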
 

ljw2k

What catcamstar recommended below

  • look in your ROUTER and look at (unwanted) port forwards. Do you have them? Immediately delete those
  • look in your ROUTER and enable all (especially) inbound firewall rules. Only allow known outbound connections (eg NTP).
  • look at UPNP configuration. If enabled: immediately disable it.
 