CCTV Help

  • Thread starter Thread starter Deleted member 251651
  • Start date Start date

Deleted member 251651

Deleted member 251651

Hi,

Wondering if anyone can help/advise.....?

I have a cctv system fitted and its bringing up failed loggin attempts from different ip addresses from different countrys....

How does this happen, is someone going through my broadband router to try and access the cctv....?

Or

Does someone have my cctv box mac/ip address.... and because it is connected to intenet they can try to connect to it without going through the broadband route first?

How can I stop this?

Any help would be much appricated.
 
You're getting port scanned and bots are trying all common user/password combinations to try and gain access.

Put it behind a VPN or a reverse proxy.
 
How would I do that?

CCTV is connected to a DVR not to a PC. I'm a novice when it comes to things like this....
 
Do you need it to remote in over the internet (i.e. view when your off site)?

If no, then separate this from your other LAN traffic.
 
Caged said:
You're getting port scanned and bots are trying all common user/password combinations to try and gain access.

Put it behind a VPN or a reverse proxy.
Click to expand...

I''v had he same system installed for 2 years, never had this problem before, just started recently????

Ideally, I want to be able to connect when I am remote.....

I need someone to help me in layman's terms.....as I know nothing about networking..........

If i was to buy anothr access point and connect that to the broadband wirelessly, then connect it to the dvr through cat6 cable, would that prevent this from happening and make the cctv more secure? Or would this not make any differnece as its still connected to the same broadband router?
 
Firstly, what make and model of DVR is it? Are you using P2P to connect to the DVR from an app?

What is telling you that you’re being scanned?

You almost certainly have one or more of ports 80, 8080, 8000, 443, 554, 10554 or 37777 open on your router, passing traffic to the DVR. When the automated port scanners find one of these ports open they hit it with a bunch of options to see if they can access it. In some ways it’s proof the firewall works.
 
WJA96 said:
Firstly, what make and model of DVR is it? Are you using P2P to connect to the DVR from an app?

What is telling you that you’re being scanned?

You almost certainly have one or more of ports 80, 8080, 8000, 443, 554, 10554 or 37777 open on your router, passing traffic to the DVR. When the automated port scanners find one of these ports open they hit it with a bunch of options to see if they can access it. In some ways it’s proof the firewall works.
Click to expand...

Yes, I'v been using a P2P App to connect to DVR. I get alerts of logins attemps. I have never messed around with the router settings, they are all default from the isp. Do the ports automatically open or are they done manually? Ho do I check what ports are open on my router? I guess if I find and close the ports, if they are open, then the cctv will not work?
 
The DVR is likely a red herring. While the DVR is possibly local storage only, the cameras themselves will have the ability to broadcast and connect to the Internet if you let them. The ports can be opened automatically if your ISP router has UPnP enabled (which is bad). Go to this link here, and on the bottom of the list on the right click 'Scan All Common Ports' then let us know the results.

You'll be best served going into the router and blocking all traffic from the cameras to the Internet. The required syntax (written) or boxes to tick (GUI) will differ between underlying firewall type and vendor implementation. On a CLI firewall like pf it's easy:

block out log quick from <cctv> to !$lan_net

On a GUI based ISP type router you'll likely need to check which order the rules are prioritised (eg top to bottom or vice versa) and then 'Block out all from <cctv ip addresses>' and 'Allow from <cctv ip addresses> to <lan addresses>', which is a bit messier. Then set up a VPN or reverse proxy to connect back to your network and view them. Having your own domain would help you here. From the sound of your posts that's something you're not conversant in, but your current network model is insecure, and I'd highly recommend you start reading up. Search for things like 'basic reverse proxy' and 'how to set up wireguard VPN to access home' etc and add to your base networking knowledge.
 
You must log in or register to reply here.
Back
Top Bottom