Geekzone: technology news, blogs, forums




3267 posts

Uber Geek
+1 received by user: 77

Trusted

# 208141 28-Jan-2017 12:57

I've got an Audiocodes MP264 modem from WXC.  I've got a security camera with port forwarding working fine.  I'm concerned about getting hacked as the cheap Chinese cameras have no real security and their Linux web servers have default passwords with root access...  The camera does periodically ping a few IP addresses in China and Amazon.

 

I do not care about the cameras getting hacked, but I do care about the integrity of my network and devices on it.  Is there a way that I can set up the MP264 so that 1 Ethernet port is accessible from the WAN but not the LAN?  That way I can run multiple cameras with a switch through 1 port of the modem and no concerns that anyone from outside can get into my LAN through the cameras.

 

I guess as an alternative I can run my network on another router (with firewall) after the modem, but it would be more elegant if I can do it all on the MP264.  Thanks in advance.





You can never have enough Volvos!


Mr Snotty
8588 posts

Uber Geek
+1 received by user: 4492

Moderator
Trusted
Lifetime subscriber

  # 1711020 28-Jan-2017 13:00

To be perfectly honest you should never port forward to these cameras - put them in an IP address pool without internet access (you can indeed do this with the MP264) and use a Raspberry Pi with something like Monit for security monitoring.





1358 posts

Uber Geek
+1 received by user: 319


  # 1711045 28-Jan-2017 14:54

Not sure about Audiocodes but I know on Broadcom based routers (so Netcomms, TP-Links) you can set up something like this under the Interface grouping menu. It is designed for multiservice access networks e.g. for IPTV STBs but can be manually configured as a way to set up multiple VLANs.


 
 
 
 


5427 posts

Uber Geek
+1 received by user: 2490

Trusted
Lifetime subscriber

  # 1711046 28-Jan-2017 15:06

Not concerned about your cameras getting hacked? What about when the police come knocking at your door for being an origin of a DOS attack or a trading ring for objectionable material etc.? It's not so much a case of the cameras getting hacked, it's what they get hacked for.

 

 





Chorus has spent $1.4 billion on making their xDSL broadband network faster and even more now as they are upgrading their rural Conklins. If you're still stuck on ADSL or VDSL, why not spend $195 on a master filter install to make sure you are getting the most out of your connection?
I install - Naked DSL, DSL Master Splitters, VoIP, data cabling and general computer support for home and small business.
Rural Broadband RBI installer for Ultimate Broadband and Full Flavour

 

Need help in Auckland, Waikato or BoP? Click my email button, or email me direct: [my user name] at geekzonemail dot com


27781 posts

Uber Geek
+1 received by user: 7269

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 1711074 28-Jan-2017 15:46

You should never port forward to a camera. Period.

 

As pointed out the camera video being compromised is the least of your worries. It's when (not even if) your camera is compromised and becomes part of a DDoS attack.

 

If you need remote camera access it should only be via VPN.

 

 

 

 




3267 posts

Uber Geek
+1 received by user: 77

Trusted

  # 1711097 28-Jan-2017 16:06

Okay, thanks, I get the point, port forwarding was disabled hours ago.  The only real reason for having port forwarding is so that my mum can from overseas see our kids play outside.  I'll set up a reputable camera for that, got a few old D-Links which use D-Link's server for remote viewing instead of port forwarding.

 

So I could set up VLANs on a specific Ethernet port and then significantly restrict that VLAN's access to only certain WAN IP address ranges which include say my place of employment and my mum's ISP?





You can never have enough Volvos!


22052 posts

Uber Geek
+1 received by user: 4680

Trusted
Subscriber

  # 1711100 28-Jan-2017 16:26

Just means that only compromised servers on the mum's ISP will be able to reach it, not the whole internet. Might buy you some time before they are hit.

 

VPN is the correct way to make services accessible to only some people remotely. I've seen no evidence of my cameras connecting out to anywhere except NTP once all the cloud BS was unticked in their setup. VPN in and I just view them with their internal IP in the software as if I was at home, except I have to choose the low quality stream because the high quality is more than my outgoing bandwidth.





Richard rich.ms

4038 posts

Uber Geek
+1 received by user: 2784

Trusted

  # 1711102 28-Jan-2017 16:31

As per further up the best and really only way to be comfortable with the cheap cameras is to break their internet access (Static IPs and no default gateway is an easy and good way) and have something you trust like a Pi running software of known origin to effectively proxy the streams.

 

Cheers - N

 

 





--

 

Please note all comments are the product of my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.
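Added example, not part of any post in this thread: a small check that the isolation recommended above (cameras on their own segment with no route out, reached only through a trusted Pi) is actually holding, run over flow records exported from the router. The subnets, the Pi address and the flow tuple format are assumptions, and the sample flows are constructed.

```python
import ipaddress

# Assumed addressing (hypothetical, not from the thread).
CAMERA_NET = ipaddress.ip_network("192.168.50.0/24")  # isolated camera segment
LAN_NET = ipaddress.ip_network("192.168.1.0/24")      # trusted home LAN
PROXY = ipaddress.ip_address("192.168.50.2")          # the Pi relaying streams

def classify(src, dst):
    """Return (verdict, reason) for one flow against the isolation policy."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_cam = s in CAMERA_NET and s != PROXY
    dst_cam = d in CAMERA_NET and d != PROXY
    if src_cam and dst_cam:
        return "ok", "camera to camera inside the segment"
    if src_cam:
        if d == PROXY:
            return "ok", "camera answering the proxy"
        if d in LAN_NET:
            return "violation", "camera reached the trusted LAN"
        return "violation", "camera has a route off its segment"
    if dst_cam:
        if s == PROXY:
            return "ok", "proxy pulling a stream"
        if s in LAN_NET:
            return "violation", "LAN host bypassed the proxy"
        return "violation", "camera exposed to the WAN"
    return "ok", "no camera involved"

def audit(flows):
    """Return the flows that break the policy, with the reason attached."""
    findings = []
    for src, dst, proto, dport in flows:
        verdict, reason = classify(src, dst)
        if verdict == "violation":
            findings.append((src, dst, proto, dport, reason))
    return findings

# Constructed sample flows: (src, dst, proto, dst port).
SAMPLE_FLOWS = [
    ("192.168.50.2", "192.168.50.11", "tcp", 554),   # Pi pulls a stream
    ("192.168.50.11", "203.0.113.40", "tcp", 443),   # camera calls out
    ("198.51.100.7", "192.168.50.11", "tcp", 80),    # inbound from the WAN
    ("192.168.50.12", "192.168.1.20", "tcp", 445),   # camera touches the LAN
    ("192.168.1.20", "192.168.50.2", "tcp", 8080),   # LAN client uses the Pi
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```

With static IPs and no default gateway on the cameras, an empty result from `audit` is the expected steady state; any finding means a forward, route or gateway setting has crept back in.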




3267 posts

Uber Geek
+1 received by user: 77

Trusted

  # 1711104 28-Jan-2017 16:44

Thanks, I'm awaiting an NVR which will record/access all the cameras and will then consider using a Pi.  I have a friend that already does that for remote site support, he just couriers them a pre-configured Pi.

 

Any guidance on setting up VPN on the MP-264?  I have never done this, and so far only found the L2TP server option greyed out.





You can never have enough Volvos!

