Search results
-
T
How insecure is port forwarding for Blue Iris if you have an incredibly strong password?
The sites that people use like noip are scanned and clients attacked. That is why port forwarding is bad. Splitting the wan and giving it its own outside address is a better method of self hosting. VPNs, they are safe to a point.- tech_junkie
- Post #8
- Forum: Cyber Security
-
T
Anyone run 2 ethernet wires through the junction box grommet?
That is why I drill a 3/4 inch hole and run the cable in the attic. Rarely I have used surface mount in a install, but when I did I used flat conduit as it has a better clean line look than attaching a wire every 16 inches to a flat surface. On eaves I shoot for about half way from the wall...- tech_junkie
- Post #11
- Forum: Camera Installation Questions
-
T
Building separate networks for home use
Its all in application. But I would assign a different outside IP for camera hosting instead of port forwarding on my home network. Not only i remove potential hacking from having a different IP address, I wouldn't have the performance hit either. In town I have only set up 3 businesses that...- tech_junkie
- Post #14
- Forum: Networking
-
T
Building separate networks for home use
What you have is similar but it operates differently. What happens when you lease an IP or two (sometimes you even have to lease four ip addresses, depends on how the local isp sells them ) is that those IP addresses are assigned at your routers. And instead of sharing bandwidth, you are...- tech_junkie
- Post #12
- Forum: Networking
-
T
Cameras and browser
One thing you can't do on some cameras is run concurrent connections from the same computer, because its already logged in at a different service port. There are some that only allow one login on a service port or you have to configure multiple users for that function to work. Its just something...- tech_junkie
- Post #26
- Forum: Networking
-
T
POE testing to see if Cable is bad?
I will tell you the common thing you should change out arbitrarily when you loose connection over time is the RJ-45 ends on the POE Ethernet cables. Its best to use the old style end than the feed through because the feed through design has a higher failure rate outside. Long runs will shorten...- tech_junkie
- Post #6
- Forum: NVR's, DVR's & Computers
-
T
ZeroTier and Dual Nic
The pitfalls of self signed certificates is well documented and the standard practice to deploy Public TLS/SSL CA Certificates with these programs when you apply the internet to them. Ignore me if you want, but its your own fault if you get hacked.- tech_junkie
- Post #19
- Forum: Cyber Security
-
T
ZeroTier and Dual Nic
NEVER underestimate a hacker. Especially advanced ones that can make efficient automatic code and pass it around to other hackers.- tech_junkie
- Post #17
- Forum: Cyber Security
-
T
ZeroTier and Dual Nic
Then they need to repair it and others publish the CVE and boycott their products until they comply. It is ludicrous to cover for them by hiding a vulnerable system and not say anything about it.- tech_junkie
- Post #16
- Forum: Cyber Security
-
T
Long outdoors netwok cable run
Believe me, some of this when you are going into the hardware level and trying to explain it in a concise way to a general audience, its hard not to appear vague.- tech_junkie
- Post #41
- Forum: Networking
-
T
Is ZoneMinder still being actively developed?
So you are trying to consolidate viewing into one page, correct? a lot of them have send alerts via email so that theoretically can be used and have it forward into your openHAB (which looks like a raspberry pi 4) In your custom web page, you would use the <object> html tag for each camera. you...- tech_junkie
- Post #21
- Forum: ZoneMinder
-
T
Is ZoneMinder still being actively developed?
Sounds interesting, what cameras you are using? With linux, all you have to do is create an internal webpage and assemble your functional code. The bulk of these camera viewing software is web2.0 so they are not making real programs for remote viewing and using ASP.net for their programing...- tech_junkie
- Post #19
- Forum: ZoneMinder
-
T
ZeroTier and Dual Nic
Zerotier by its self 'Phones home' and OpenVPN uses self sign certificates so its suseptible to MTM attacks. Unless the NVR uses poor authentication methods, There is nothing wrong with serving a NVR on its own outside IP address with a public CA certificate. Which is the real secure method.- tech_junkie
- Post #14
- Forum: Cyber Security
-
T
Long outdoors netwok cable run
That is because people can explain the same function in different ways and even different PSE controller IC datasheets will explain the same thing in different ways. Here is an IC that is used in 8 port POE switches: https://www.ti.com/lit/gpn/tps23881b They explain it as a "current fold back...- tech_junkie
- Post #39
- Forum: Networking
-
T
Setting up VPN/VLAN and Dual NIC
Like I said both methods are valid. The difference is one is by vlan and the other is by a bridge router. Since they want to know how to set it up without configuring any VLANs I showed them those examples.- tech_junkie
- Post #102
- Forum: Networking
-
T
Setting up VPN/VLAN and Dual NIC
Its not really a loop because the camera network is a separate static network. Its not like the BI machine has its interfaces bridged. The two common ways is using a bridging router or use managed switches at both ends with the ports divided into two vlans and a cable patched across. Either way...- tech_junkie
- Post #100
- Forum: Networking
-
T
Setting up VPN/VLAN and Dual NIC
I'm not familiar with the fiber media converter they are using, but if it has an arp/mac table its going to take up a switch/node count.- tech_junkie
- Post #98
- Forum: Networking
-
T
Setting up VPN/VLAN and Dual NIC
Actually there is a switch limit on a network segment. Its how you get around that is the real question. 3 is the hardware node limit and 7 hops on a logical spanning tree.- tech_junkie
- Post #95
- Forum: Networking
-
T
Setting up VPN/VLAN and Dual NIC
This is the preferred method of hardware port forwarding: From the ONT, in this case Cspire 10G, you inset an unmanaged switch then the existing router's wan port connects to this switch and for every outside ip address you add a new router and its WAN port to this switch. Its not going to slow...- tech_junkie
- Post #93
- Forum: Networking
-
T
Setting up VPN/VLAN and Dual NIC
All these remote connect systems (software port forwarding) from cameras, no-ip forwarding to VPNs that are using a web entry point have in their software or hardware programmed initiate a persistent connection to the web endpoint and none of them are truly hacker proof. That is why hosting the...- tech_junkie
- Post #92
- Forum: Networking
-
T
Setting up VPN/VLAN and Dual NIC
There has to be a real logical explanation to this other than a blanket statement. Because some of those cameras are 'cloud cameras' meaning they connect to a cloud server. You've seen them. They require the user to make a cloud account in order to set them up, But any hacking using this is...- tech_junkie
- Post #74
- Forum: Networking
-
T
Zerotier android bug in latest update
A lot of them are self hosted in one way or another and for just accessing a .net web app on a network, I can't see why it would be any safer (which its probably less) than hosting the BI server with a public CA and install the client certificate manually. At least the endpoint is not the...- tech_junkie
- Post #26
- Forum: Cyber Security
-
T
Setting up VPN/VLAN and Dual NIC
I really don't see why a vlan is needed. Its just another thing to set back up after a hardware failure. Plus everything else can't communicate to the outside and the other methods I used you can implement mac filtering so only the gate controller is allowed. So what is the point of the Vlan for...- tech_junkie
- Post #72
- Forum: Networking
-
T
Zerotier android bug in latest update
Well since that works, I'll post the APK If there is a newer version other than the Nov2023 that works let me know... Because I will post it. SHA256 e59d6b50940f8d0deaa3accaee05a0a7b599f5e131bc401aeb3db78aa59b397f I'll send them an email just in case they are not aware of this IPV6 issue...- tech_junkie
- Post #25
- Forum: Cyber Security
-
T
Security camera installer reuses passwords
I find it worse than you think. As I ran into several security companies doing the same thing over the years. I remember having to talk to one about this and suggested to them password schemes based on their account numbers. At least that would be more distinct from customer to customer instead...- tech_junkie
- Post #27
- Forum: Cyber Security
-
T
Setting up VPN/VLAN and Dual NIC
no problem. I did notice you chiming in and it will be interesting to see what they do to get around the 3 switch limit on a network segment. Which no one here really discussed that but me.- tech_junkie
- Post #70
- Forum: Networking
-
T
Hikvision Door Controller with 3rd party Readers
A lot of those HID readers use programming cards to set modes. Which I had to do to make them work on DMP systems.- tech_junkie
- Post #6
- Forum: Hikvision
-
T
Setting up VPN/VLAN and Dual NIC
I'm looking forward to what they come up with. Because there are a few valid ways to do all of this, I just showed you the easier ones to maintain in case of equipment failure. Of course we can get more complicated but I don't think setting up networking redundancies is that critical compared to...- tech_junkie
- Post #67
- Forum: Networking
-
T
Crowdstrike Affecting Windows Computers Globally.
And people wondered why I set up my server farm for web hosting on Linux across 230 servers.- tech_junkie
- Post #2
- Forum: Cyber Security
-
T
Wi-tek WI-LTE117-O router port forward issue
if you use self signed certificates with any connection type/services its going to be vulnerable.- tech_junkie
- Post #13
- Forum: Networking