Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Forums2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, MyRepublic, 2talk and Vocus)Any work around for IP cameras and IP alarms etc with Flip's CGNAT?
View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 
richms
28179 posts

Uber Geek

Trusted
Lifetime subscriber

  #1635934 19-Sep-2016 15:41
Send private message

Adamww:

 

one I guess.  I think the bigger risk today is still the dumb burglar that will throw a brick through a window and grab what they can even with the alarm screaming and  cameras recording.  It's probably unlikely there are many burglars in NZ that are interested and smart enough to hack my network & IP devices to disable my alarm.  If someone was smart and hacked my cameras they could put a pic of my dick on the interweb but there is probably not too much reward in that...

 

 

The risk isnt from burgulars, the risk is you are compromised and then either your PCs are attacked, by intercepring your browsing or similar, or your gear is used as a piviot for someone doing something evil to someone else that matters.




Richard rich.ms



sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #1635957 19-Sep-2016 16:36
Send private message

Adamww:

 

Adamww:

 

My cameras are not directly accessable on my LAN, they connect to a NVR. 

 

 

 

 

Correcting myself here.  My cameras are not IP at all.  They are analog HDCVI.  DVR still has a port forwarded though.

 

 

As somebody who's been using Dahua gear for years I'd never even contemplate a port forward opening a NVR up to the Internet. They've had plenty of major exploits.

 

Port 37777 isn't as bad as opening port 80 but there is plenty you can do when the NVR is wide open.

 

 

 

 

 

 

sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #1635959 19-Sep-2016 16:40
Send private message

Adamww:

 

  If someone was smart and hacked my cameras they could put a pic of my dick on the interweb but there is probably not too much reward in that...

 

 

 

They wouldn't do that. They would hack your DVR and use it for bit coin mining, DDOS attacks and/or DNS amplifications attacks.

 

 



Adamww

48 posts

Geek


  #1635973 19-Sep-2016 17:49
Send private message

sbiddle:

 

As somebody who's been using Dahua gear for years I'd never even contemplate a port forward opening a NVR up to the Internet. They've had plenty of major exploits.

 

Port 37777 isn't as bad as opening port 80 but there is plenty you can do when the NVR is wide open.

 

 

 

 

I'm would welcome some advice if you can simplify it enough that my mechanical engineering level can understand.  My networking knowledge should be good enough for a home user.  I already use a random port number in the DVR - not the defaults and have a strong user/password.  I have all of the DDNS and email alerts etc turned off in the DVR software.  My router is just consumer level device HG659?  Do you have any suggested security improvements I can make that would still allow viewing live streams via the iDMSS iOS app?

sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #1635986 19-Sep-2016 18:25
Send private message

Adamww:

 

sbiddle:

 

As somebody who's been using Dahua gear for years I'd never even contemplate a port forward opening a NVR up to the Internet. They've had plenty of major exploits.

 

Port 37777 isn't as bad as opening port 80 but there is plenty you can do when the NVR is wide open.

 

 

 

 

I'm would welcome some advice if you can simplify it enough that my mechanical engineering level can understand.  My networking knowledge should be good enough for a home user.  I already use a random port number in the DVR - not the defaults and have a strong user/password.  I have all of the DDNS and email alerts etc turned off in the DVR software.  My router is just consumer level device HG659?  Do you have any suggested security improvements I can make that would still allow viewing live streams via the iDMSS iOS app?

 

 

A strong username and password means very little, as does disabling all the other features. It's there mere fact the device is exposed to the Internet that's the issue. You simply don't know what security holes there are in the software - and there have been plenty over the years.

 

The simple answer to that is you need to set up a VPN on your router (HG659 doesn't support it) and then use the VPN client on your phone to establish a connection to your home router. You'll then have a private IP address on your LAN and can connect to the NVR on it's local IP address. This is the only secure way to access your device.

 

Will you be hacked like you have it set up now? Possibly not. Statistically speaking you won't get burgled today if you leave your front door unlocked either, but if you leave your front door unlocked all the time chances are one day somebody will enter your house.

 

There are very few valid reasons to ever have a port forward to an internal device on a network with the exception of port forward to an email or web server (and even running them on a home connection isn't necessarily smart). If you want some fun just spend 5 mins on shodan looking at insecure devices.

 

 

 

 

1 | 2 
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright