

Niel

3267 posts

Uber Geek

Trusted

#208141 28-Jan-2017 12:57

I've got an Audiocodes MP264 modem from WXC.  I've got a security camera with port forwarding working fine.  I'm concerned about getting hacked as the cheap Chinese cameras have no real security and their Linux web servers have default passwords with root access...  The camera does periodically ping a few IP addresses in China and Amazon.

 

I do not care about the cameras getting hacked, but I do care about the integrity of my network and devices on it.  Is there a way that I can set up the MP264 so that 1 Ethernet port is accessible from the WAN but not the LAN?  That way I can run multiple cameras with a switch through 1 port of the modem and no concerns that anyone from outside can get into my LAN through the cameras.

 

I guess as an alternative I can run my network on another router (with firewall) after the modem, but it would be more elegant if I can do it all on the MP264.  Thanks in advance.





You can never have enough Volvos!


michaelmurfy
meow
13241 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1711020 28-Jan-2017 13:00

To be perfectly honest you should never port forward to these cameras - put them in an IP address pool without internet access (you can indeed do this with the MP264) and use a Raspberry Pi with something like Monit for security monitoring.





Michael Murphy | https://murfy.nz
Opinions are my own and not the views of my employer.




yitz
2074 posts

Uber Geek


  #1711045 28-Jan-2017 14:54

Not sure about Audiocodes but I know on Broadcom-based routers (so Netcomms, TP-Links) you can set up something like this under the Interface grouping menu. It is designed for multiservice access networks, e.g. for IPTV STBs, but can be manually configured as a way to set up multiple VLANs.


coffeebaron
6231 posts

Uber Geek

Trusted
Lifetime subscriber

  #1711046 28-Jan-2017 15:06

Not concerned about your cameras getting hacked? What about when the police come knocking at your door for being an origin of a DOS attack or a trading ring for objectionable material etc.? It's not so much a case of the cameras getting hacked, it's what they get hacked for.

 

 





Rural IT and Broadband support.

 

Broadband troubleshooting and master filter installs.
Starlink installer - one month free: https://www.starlink.com/?referral=RC-32845-88860-71 
Wi-Fi and networking
Cel-Fi supply and installer - boost your mobile phone coverage legally

 

Need help in Auckland, Waikato or BoP? Click my email button, or email me direct: [my user name] at geekzonemail dot com




sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #1711074 28-Jan-2017 15:46

You should never port forward to a camera. Period.

 

As pointed out, the camera video being compromised is the least of your worries. It's when (not even if) your camera is compromised and becomes part of a DDoS attack.

 

If you need remote camera access it should only be via VPN.

 

 

 

 


Niel

3267 posts

Uber Geek

Trusted

  #1711097 28-Jan-2017 16:06

Okay, thanks, I get the point, port forwarding was disabled hours ago.  The only real reason for having port forwarding is so that my mum can from overseas see our kids play outside.  I'll set up a reputable camera for that, got a few old D-Links which use D-Link's server for remote viewing instead of port forwarding.

 

So I could set up VLANs on a specific Ethernet port and then significantly restrict that VLAN's access to only certain WAN IP address ranges which include say my place of employment and my mum's ISP?





You can never have enough Volvos!


richms
28168 posts

Uber Geek

Trusted
Lifetime subscriber

  #1711100 28-Jan-2017 16:26

Just means that only compromised servers on the mum's ISP will be able to reach it, not the whole internet. Might buy you some time before they are hit.

 

VPN is the correct way to make services accessible to only some people remotely. I've seen no evidence of my cameras connecting out to anywhere except NTP once all the cloud BS was unticked in their setup. VPN in and I just view them with their internal IP in the software as if I was at home, except I have to choose the low quality stream because the high quality is more than my outgoing bandwidth.





Richard rich.ms

Talkiet
4792 posts

Uber Geek

Trusted

  #1711102 28-Jan-2017 16:31

As per further up, the best and really only way to be comfortable with the cheap cameras is to break their internet access (static IPs and no default gateway is an easy and good way) and have something you trust like a Pi running software of known origin to effectively proxy the streams.

 

Cheers - N

 

 





Please note all comments are from my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.


 
 
 
 

Niel

3267 posts

Uber Geek

Trusted

  #1711104 28-Jan-2017 16:44

Thanks, I'm awaiting an NVR which will record/access all the cameras and will then consider using a Pi.  I have a friend that already does that for remote site support, he just couriers them a pre-configured Pi.

 

Any guidance on setting up VPN on the MP-264?  I have never done this, and so far only found the L2TP server option greyed out.





You can never have enough Volvos!






