marigo
Getting the hang of it
When you have an ICMP echo reply to the camera try to connnect with Dahua's configtool on port 3800 and see if it stays connected.
Maybe worth the try?
Maybe worth the try?
True, but that would be unnecessary. Your bank's website has been coded and is regularly tested to withstand the types of attacks that you face on the internet. Additionally, one would hope that the bank has additional layers of security designed to detect and mitigate attacks as soon as possible including things like intrusion detection systems, nex gen firewalls, anomaly detection systems, monitoring, and proper network segmentation. Most of us don't have those layers at home. TLS/SSL is just a protection against sniffing and some MITM attacks. It dows not affect the security of the endpoints talking through the tunnel in any manner.Welp, you don't do your banking over VPN.
you better make sure that vpn server is actually kept patched and updated, some people think VPN's and firewalls are magic, they are not. If you are running some shitty home router or an old ass cisco device you're vpn is probably just as vulnerable as anything else because the firmware hasn't been updated in ages. You can also be sure those lame ass home routers aren't doing anything advanced at all lol. Not saying you don't have that, just saying people think because it's a VPN it's a magic bullet, it is not. Plus everyone who knows anything about IT security knows, if someone wants you bad enough, aint nothing gonna stop them.True, but that would be unnecessary. Your bank's website has been coded and is regularly tested to withstand the types of attacks that you face on the internet. Additionally, one would hope that the bank has additional layers of security designed to detect and mitigate attacks as soon as possible including things like intrusion detection systems, nex gen firewalls, anomaly detection systems, monitoring, and proper network segmentation. Most of us don't have those layers at home. TLS/SSL is just a protection against sniffing and some MITM attacks. It dows not affect the security of the endpoints talking through the tunnel in any manner.
While I have a lot of trust in what BI is designed for, I don't have faith that it has been coded to protect against most web vulnerabilities, nor do most end users have the knowledge or resources to protect their networks should their BI machine be compromised. VPN servers are hardened endpoints, so they can significantly mitigate that risk.
Your VPN Server running on your router is Open Source, and has been audited for security vulnerabilities by professionals non-stop for oh, the last 15 years or so.. Give me half a day w/BlueIris's source code and I'll find enough issues to take down every BlueIris box stupidly connected to the internet a few times over.you better make sure that vpn server is actually kept patched and updated, some people think VPN's and firewalls are magic, they are not. If you are running some shitty home router or an old ass cisco device you're vpn is probably just as vulnerable as anything else because the firmware hasn't been updated in ages. You can also be sure those lame ass home routers aren't doing anything advanced at all lol. Not saying you don't have that, just saying people think because it's a VPN it's a magic bullet, it is not. Plus everyone who knows anything about IT security knows, if someone wants you bad enough, aint nothing gonna stop them.
go for it, i'm sure everyone would like to see all the hacks you find.Your VPN Server running on your router is Open Source, and has been audited for security vulnerabilities by professionals non-stop for oh, the last 15 years or so.. Give me half a day w/BlueIris's source code and I'll find enough issues to take down every BlueIris box stupidly connected to the internet a few times over.
You can have all sorts of security issues and be quite fine; its called attack surfaces.. VPN is a hardened attack surface.. your router likely has no exposed surfaces of its own, so even if its chocked full of bugs its likely only exploitable by someone actually on your network and whom already made it past it.
Take a $10k bike, chain it up in your garage and it'll be relitavely safe.. Take a $10k bike and chain it to your mailbox and now the attack dont need to penetrate your house first, the'l just kick your mailbox over and ride off.
Like This: Blue iris massive security flaw!!!! All your recordings are visible to all usersgo for it, i'm sure everyone would like to see all the hacks you find.
Agreed. Applies to all internet facing software, and most internal facing software.[/QUOTE]you better make sure that vpn server is actually kept patched and updated, some people think VPN's and firewalls are magic, they are not.
Also agreed. However, using a tool that is designed to be hardened and exposed to the internet - is better than using a tool that has not.[/QUOTE]just saying people think because it's a VPN it's a magic bullet, it is not.
As a 20 year infosec pro who has built and run successful security teams at some of the largest companies in the world, I agree. But that argument is often used as an excuse to justify security that is not commensurate with the risks. Determined hackers are hard to stop, but they tend to be well-resourced and target weaknesses in the human part of the chain to get to a specific goal. But most technical hacks against systems like this on consumer sections of the internet are not targeted, they are used against victims of opportunity. I for one, want my network to be inopportunePlus everyone who knows anything about IT security knows, if someone wants you bad enough, aint nothing gonna stop them.
I am so stealing that analogy.Take a $10k bike, chain it up in your garage and it'll be relitavely safe.. Take a $10k bike and chain it to your mailbox and now the attack dont need to penetrate your house first to even know the bike exists, the'l just kick your mailbox over and ride off.
Just my 2c, I have an iPhone 7plus that runs OpenVPN to my pfsense VM that hosts an OpenVPN server. I've never noticed any additional drain on the battery caused from the VPN. Granted I don't keep Blueiris app running in the background. I only check it when I get a notification push. And these come through a different channel, you don't need to be connected to get the notifications. (Push notifications hit apple's push service which then goes to mobile phone, don't need app running or connected to get them)Not everyone wants to run a VPN client on their phone 24/7 and drain the battery in an hour, and firing up a VPN everytime you wanna check in on your cameras is also annoying.