



1596 posts

Uber Geek
+1 received by user: 39


# 208311 6-Feb-2017 19:40
They got a 4 camera unit system for one property. From Jaycar, all working good. When they are at home, it works on their smartphone fine but it loses connection after an hour or so. When they go back to the property it works fine but using that WiFi. So they need a static IP from the ISP? Any other workarounds?

Someone else that was helping them said they can use a Night Hawk router. Is this the case and do they still need a static IP from the ISP? They are with 2Degrees.

Any views appreciated. Thanks.


BDFL - Memuneh
63302 posts

Uber Geek
+1 received by user: 13836

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 1716151 6-Feb-2017 19:52

Your post is a bit confusing. Are they port forwarding to this camera? If that's the case, before even going ahead I'd say STOP. Never open up these cameras to the Internet.

 

Also, they might not need a "Night Hawk router" it may be that the cameras are in an area with low WiFi coverage. Perhaps an area with interference (when neighbours start using their own WiFi the WiFi bandwidth gets cut and the cameras drop). It may be as simple as repositioning the existing router for better coverage.







1596 posts

Uber Geek
+1 received by user: 39


  # 1716153 6-Feb-2017 19:57

freitasm:

 

Your post is a bit confusing. Are they port forwarding to this camera? If that's the case, before even going ahead I'd say STOP. Never open up these cameras to the Internet.

 

Also, they might not need a "Night Hawk router" it may be that the cameras are in an area with low WiFi coverage. Perhaps an area with interference (when neighbours start using their own WiFi the WiFi bandwidth gets cut and the cameras drop). It may be as simple as repositioning the existing router for better coverage.

 

 

 

 

Should have been clearer.

Property address 1 - with the security.

Property address 2 - back at their own home.

As the instruction booklet said so yes port forwarding has been enabled.

They were at their own home (different property address) the WiFi is good, the router is in the same living room 8m away from it. It was working on their phones before but just dropped off. Uninstalled the app, and reinstalled it and still not working.

They drove out back to the property with the security and it works fine - again WiFi but in the other property.


 
 
 
 


BDFL - Memuneh
63302 posts

Uber Geek
+1 received by user: 13836

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 1716154 6-Feb-2017 19:59
10 people support this post

The instruction booklet is a trap!

 

Do not EVER port forward to cheap cameras - do so and risk it becoming a zombie in a DDoS botnet.

 

 





27781 posts

Uber Geek
+1 received by user: 7269

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 1716157 6-Feb-2017 20:17
4 people support this post

Because you should never under any circumstances have port forwards for CCTV gear the whole question is really a moot point. You need to remove these before your system is compromised.

 

To access the cameras remotely you will need a VPN of some sort, so if the current router doesn't support VPN termination you'll need to look at hardware that supports this if you want remote access.

 

Obviously to connect remotely you either need a static IP or use a service such as dyndns if your IP changes regularly.

 

 

 

 




1596 posts

Uber Geek
+1 received by user: 39


  # 1716160 6-Feb-2017 20:36
Ok thanks - port forwarding disabled.

Yes the only issues are when we are off site - remotely.

Someone did mention VPN on the phone I think. I am not sure if the security unit itself supports it though. They said it was working at the different address for an hour before it cut off. Then later as they were driving there it worked suddenly. So a bit lost why it worked on that occasion. Will look into a static IP :)

We have a Fritzbox router. Maybe someone else's Night Hawk supported VPN termination? Hmmmm.... Maybe that was why he suggested it. Will check it out maybe the Fritzbox had VPN termination on.



27781 posts

Uber Geek
+1 received by user: 7269

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 1716162 6-Feb-2017 20:39
The most obvious conclusion is that they're not using the correct IP anyway. Since most routers don't support hairpin NAT you would not be able to connect using the external IP when connected locally, and since you would need the external IP when connecting from outside the network you would need to keep changing this for it to work.

A VPN (which would be terminated in your router not the unit itself) is the only way cameras should be viewed remotely.

 

 


734 posts

Ultimate Geek
+1 received by user: 130


  # 1721628 17-Feb-2017 00:45

sbiddle:

 

...most routers don't support hairpin NAT you would not be able to connect using the external IP when connected locally, and since you would need the external IP when connecting from outside the network you would need to keep changing this for it to work.

 

A VPN (which would be terminated in your router not the unit itself) is the only way cameras should be viewed remotely.

 

 

 

 

 

Reason #237 to use pfSense, which makes the above (VPN servers + NAT reflection) a cinch ;)

 

Similar to the dodgy cameras above, there are an increasing number of so-called smart "internet of things" devices such as power socket timers (orvibo s20 et al) which punch holes in your LAN>WAN in the name of being able to do something remotely back into your home. As with the cameras, many are using proprietary code which is compromising your security in unknown ways and phoning home to who knows who. I wouldn't trust 'em as far as I could throw them.

 

As others have said, if you want remote access to do this sort of stuff, use a VPN to get back home remotely (e.g. android has a good openVPN client). You don't need a static IP to set up your own VPN (and/or webserver), dynamic IP services are OK. That said, if you want to hang with the cool kids, get a static IP and register it to a domain name. I went half way, got a static IP, then cheaped out and set it up with a (free) dynamic IP provider (dynu.com) so I can just type in a domain name, rather than the IP address itself.


3449 posts

Uber Geek
+1 received by user: 451

Trusted

  # 1721630 17-Feb-2017 01:07

If Property 1 has a Static IP address he could enable the NAT but firewalled to only that address? Still not ideal as it probably isn't encrypted but would beat the security issues. VPN is preferred.






1514 posts

Uber Geek
+1 received by user: 352


  # 1729999 4-Mar-2017 16:40

Ok so I'm staying with some people who have a Jaycar Security Cam to install.

The router here is a TP Link w8960n. I can't see that it supports a vpn in firmware, ddwrt will brick it etc.
So the only solution is to Port Forward, unless I suggest they buy more hardware?

Does there need to be a computer connected to the network for someone to use a port forwarded network as a zombie in a botnet?

I think I'm out of my depth a bit. They want to be able to remote in to see their camera from 1 device, (their iphone). Is this not an achievable thing securely with no VPN?

They did get a local computer shop to set it all up, I think with port forwarding. But it stopped working soon after. The shop has since changed hands, and it's all too hard for the new owners.

22052 posts

Uber Geek
+1 received by user: 4680

Trusted
Subscriber

  # 1730004 4-Mar-2017 16:51

1eStar: Ok so I'm staying with some people who have a Jaycar Security Cam to install.

The router here is a TP Link w8960n. I can't see that it supports a vpn in firmware, ddwrt will brick it etc.
So the only solution is to Port Forward, unless I suggest they buy more hardware?

Does there need to be a computer connected to the network for someone to use a port forwarded network as a zombie in a botnet?

I think I'm out of my depth a bit. They want to be able to remote in to see their camera from 1 device, (their iphone). Is this not an achievable thing securely with no VPN?

They did get a local computer shop to set it all up, I think with port forwarding. But it stopped working soon after. The shop has since changed hands, and it's all too hard for the new owners.

 

You may be able to forward to another device on the network to terminate the VPN, many NAS boxes will do that quite easily. No PC is needed, the cameras and DVRs are quite powerful embedded devices running Linux so most of the hacking tools work great on them, once into them however then getting full ownership of the device is usually quite easy from the demos I have seen people do, since everything runs as root you just need to find something in the webserver or similar that is exploitable and then you can get all your other tools onto it and hack away. But the botnets automate all that nasty hard work so they just get infected and then go looking for other things.

You can't really do it without a VPN from a phone. If the phone is always used at another location on wifi with a static IP you could limit your forward to that IP, which is what I did when I was working at a place that had a router that didn't really work for outgoing VPN's because the rules put on it to allow incoming ones seemed to be done by a person with minimal clue and I wasn't allowed to ask them to fix it since they charged "a fortune" to do anything.

But if it's used on 4g where the IP is anything in a huge range, then no, don't bother trying. Those are CG NAT so the source IP will change and be shared with other people anyway.

 

Ahhh, the 'local computer shop' - words I dread hearing most of the time.





Richard rich.ms
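
The source-address reasoning in the posts above (a forward open to everyone, one limited to a static IP, one facing a 4G/CG-NAT pool), as an added example that is not part of any poster's message: a small audit of a router's port-forward table. The rule field names and all addresses are hypothetical, constructed for illustration.

```python
import ipaddress

# Source ranges that never show up on a router's WAN side: RFC 1918 private
# space and the RFC 6598 block carriers use on the inside of CG-NAT.
NON_WAN = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

ADVICE = {
    "open": "any host on the internet can reach the DVR; remove it, use a VPN",
    "shared-range": "many addresses allowed; a mobile/CG-NAT pool is shared with strangers",
    "dead": "private/CG-NAT-internal source never matches on the WAN; no effect",
    "pinned": "one static address only; still unencrypted, VPN preferred",
    "invalid": "source field is not an address or prefix; check the rule",
}

# Constructed sample table (hypothetical field names; 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges, not real hosts).
SAMPLE_RULES = [
    {"name": "dvr-any",   "wan_port": 8080, "source": "any"},
    {"name": "dvr-pin",   "wan_port": 8081, "source": "203.0.113.25"},
    {"name": "dvr-4g",    "wan_port": 8082, "source": "198.51.100.0/24"},
    {"name": "dvr-cgnat", "wan_port": 8083, "source": "100.72.14.9"},
]

def classify(rule):
    """Return a verdict for one port-forward rule based on its source filter."""
    src = rule.get("source", "").strip().lower()
    if src in ("", "any", "*"):
        return "open"
    try:
        net = ipaddress.ip_network(src, strict=False)
    except ValueError:
        return "invalid"
    if net.prefixlen == 0:          # 0.0.0.0/0 or ::/0 is the same as "any"
        return "open"
    if any(net.version == r.version and net.subnet_of(r) for r in NON_WAN):
        return "dead"
    return "pinned" if net.num_addresses == 1 else "shared-range"

def audit(rules):
    """Return (rule name, verdict, advice) for every rule in the table."""
    return [(r["name"], v, ADVICE[v]) for r in rules for v in [classify(r)]]

if __name__ == "__main__":
    for name, verdict, advice in audit(SAMPLE_RULES):
        print(f"{name:10} {verdict:13} {advice}")
```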

2667 posts

Uber Geek
+1 received by user: 1186

Trusted
Lifetime subscriber

  # 1730010 4-Mar-2017 17:14
One person supports this post

As I suggested last time. Low end spirit make cheap as VPS for $6 per year. Then OpenVPN from your home to the VPS then your phone to the same end point. Job done.





'That VDSL Cat'
10177 posts

Uber Geek
+1 received by user: 2435

Trusted
Spark
Subscriber

  # 1730045 4-Mar-2017 19:02

richms:

 

 

 

Ahhh, the 'local computer shop' - words I dread hearing most of the time.

 

 

Totally agree.

 

 

 

Comes very close with "My IT Guy".

 

 

 

There are some out there that are amazing, but others that know how to plug something in and press go and call themselves an expert... 





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


BDFL - Memuneh
63302 posts

Uber Geek
+1 received by user: 13836

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 1730052 4-Mar-2017 19:24
One person supports this post

Or "I have a friend who is doing|coding|developing it for me."

 

And this "friend" registers a domain on his name. And hosts a site on his shared account. And doesn't tell the owner anything about it.





15897 posts

Uber Geek
+1 received by user: 3129

Trusted

  # 1730062 4-Mar-2017 19:38

BarTender: As I suggested last time. Low end spirit make cheap as VPS for $6 per year. Then OpenVPN from your home to the VPS then your phone to the same end point. Job done.

 

Low end spirit? Typo, or you had too many low end spirits today?? 

 

Tony D!

