You're probably port forwarding and being scanned by hackers. Read these two threads and get a VPN going, an inbound VPN, not the services you see advertised to hide your surfing. Those are outbound VPNs.
Many camera networks are unsecure, even those installed by professionals. This guide gives basic instruction in how to secure a camera network from the most common types of attacks. Perhaps the most important rule of securing a computer network is to not forward ports to unsecure services...
The internet is a force of nature; no video surveillance system made was designed to be exposed to those forces. NEVER FORWARD PORTS to your NVR or Cameras, doing such things not only exposes you to severe security problems, but everyone else on the internet too. Hackers don't want your video...
I have a single port (8080) forwarded for the Blue Iris ui3 interface. The "guest" account is disabled and in order to open that webpage a user/pass combo is required.
Do I need a VPN for this webpage?
It appears that they're scanning port 80 but that port's not open to the internet according to the IPCT open port checker.
If you have a port open for any reason it is a risk. 8080 is a very common alternate port for port 80 and will get hammered. Every attempt is moving the point of probability closer and closer to being hacked. Use a VPN, OpenVPN is easiest, and stop forwarding ports. Yes, it's an extra step on the remote device when you want to access your BI machine, or anything else on your LAN, but it is pretty good insurance and doesn't cost a dime.
You do show a remote connection made on port 80. See third line. But it's to BI Tools on that same remote IP? I don't use it but does BI Tools use some server located in the UK that would be making a connection to your system on port 80? Watchdog or something like that maybe?
I was hoping to gain some insight from the BI Tools dev about that. I know it watches port 8080 for the watchdog function but the three other connections to the UK from the same IP address on port 80 are what's concerning.
Does he have it connecting to an Oracle server overseas for some legitimate reason?
Could be some edge server that's in the pool for whatever hosting service BI Tools uses. Given the Oracle Cloud origin that would make sense. I get connections from all over for some other US-based products/services that I use (but they're not coming in through an open port).
Still sounds very fishy to me. I've been running BIT for years and have never had any outside connections to it, let alone a connection from the UK, and that could easily be a spoofed address anyway.
I don't know BI Tools well enough to know how it's set up and what connections are made but @Mike does. Maybe he'll chime in.
In any case, putting up the VPN still is a good idea. Won't help with outgoing connections but will block some incoming returns and unsolicited attempts.
Yeah, some random process or connection to a sketchy server somewhere I'd definitely be giving side-eye to. I think there's probably a more innocent answer in this case. You'll see the same these days with lots of US cloud-based services so doesn't cause me too much concern just based on that alone. Given things like Watchdog, it needs to connect somewhere. @Mike should be able to clear things up.
But seriously, now and again I open the odd port when tinkering around with stuff... It only takes a couple of hours for bots to start hammering my ports... luckily for me I have a good understanding of networks so these get blocked but I always tell people unless you understand what you are doing then don't open ports and keep your LAN behind a VPN or some sort of tunnel whereby ports don't need to be forwarded on your router to gain remote access to your LAN.
After a 12+ hour virus and malware scan, good news... nothing found!
I'm currently thinking it's probably not nefarious but I'm going forward with some type of shield against external threats (VPN, ZeroTier, etc). The problem right now is that the system this is occurring on is >2,000 miles away and I don't want to mess something up and lose my remote connection. That's a looooong drive!
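Added example, not part of the thread and not code from Blue Iris or BI Tools: one way to check whether connections like the port-80 ones discussed above are inbound to a listening port (such as the forwarded 8080) or outbound from the machine to a remote server. It parses Windows `netstat -ano` output; the sample text, IP addresses and PIDs are constructed.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (documentation-range IPs).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       4321
  TCP    [::]:8080              [::]:0                 LISTENING       4321
  TCP    192.168.1.50:8080      192.168.1.23:50211     ESTABLISHED     4321
  TCP    192.168.1.50:8080      203.0.113.7:51544      ESTABLISHED     4321
  TCP    192.168.1.50:49822     198.51.100.20:80       ESTABLISHED     5120
  TCP    192.168.1.50:49830     198.51.100.20:80       ESTABLISHED     5120
"""

# IPv4 ranges treated as "local" here; IPv6 peers are always reported.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def split_endpoint(text):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, port = text.rsplit(":", 1)
    return ipaddress.ip_address(host.strip("[]").split("%")[0]), int(port)

def is_lan(ip):
    return ip.version == 4 and any(ip in net for net in LAN_NETS)

def classify(netstat_text):
    """Return (direction, remote_ip, service_port, pid) for each non-LAN peer."""
    rows = [line.split() for line in netstat_text.splitlines()]
    rows = [r for r in rows if len(r) == 5 and r[0] == "TCP"]
    # Ports this machine accepts connections on.
    listening = {split_endpoint(r[1])[1] for r in rows if r[3] == "LISTENING"}
    findings = []
    for _proto, local, remote, state, pid in rows:
        if state != "ESTABLISHED":
            continue
        (_, lport), (rip, rport) = split_endpoint(local), split_endpoint(remote)
        if is_lan(rip):
            continue
        # Local port is a listener -> the peer connected in; otherwise we dialed out.
        direction = "inbound" if lport in listening else "outbound"
        service_port = lport if direction == "inbound" else rport
        findings.append((direction, str(rip), service_port, int(pid)))
    return findings

if __name__ == "__main__":
    for direction, ip, port, pid in classify(SAMPLE):
        print(f"{direction:8} {ip:15} port {port:<5} PID {pid}")
```

An "outbound ... port 80" row means a local process (look up the PID in Task Manager) opened the connection itself, which an open-port checker will not show and closing a forwarded port will not stop.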