DOS attack's

Dave Rolewicz · Dec 12, 2020

I seem to be getting a lot DOS attach's on my computer that hosts Blue Iris. I have port forwarding set up to go to IP address of the machine that the software. If I change the forwarding to come from only one IP address (my cell phone) I can get it to stop. The cell IP changes so that does not work. What are some ways I can stop this. I have Netgear 6900 from Costco.

alastairstevenson · Dec 12, 2020

Dave Rolewicz said:
I have port forwarding set up to go to IP address of the machine that the software.

That lets the entire internet in to the PC.
A risky thing to do.

If you need to have remote access - you'd be best to set up a VPN as a more secure method.
Very many posts on the topic.
And some how-tos here :

How to Secure Your Network (Don't Get Hacked!)

Many camera networks are unsecure, even those installed by professionals. This guide gives basic instruction in how to secure a camera network from the most common types of attacks. Perhaps the most important rule of securing a computer network is to not forward ports to unsecure services...

ipcamtalk.com

Dave Rolewicz · Dec 12, 2020

alastairstevenson said:
That lets the entire internet in to the PC.
A risky thing to do.

If you need to have remote access - you'd be best to set up a VPN as a more secure method.
Very many posts on the topic.
And some how-tos here :

How to Secure Your Network (Don't Get Hacked!)

Many camera networks are unsecure, even those installed by professionals. This guide gives basic instruction in how to secure a camera network from the most common types of attacks. Perhaps the most important rule of securing a computer network is to not forward ports to unsecure services...

ipcamtalk.com

First thing that links says "dont not use port forwarding" Oops... I will get that fixed. I am using the app on my cell phone. That's the only access I need to it. I

Thanks

Flintstone61 · Dec 12, 2020

I got it working with port forwarding on port 81, and the Blue Iris App. I tried the app for the first time today after watching the Blue iris support Youtube video. This is my practice platform Blue Iris home computer. My real Blue Iris is at a Condo. I am the Site manager. It's not allowed on the internet. mostly because it's not available at my rack where I manage 26 cameras. People seem to cringe when i post iphone pics of the setup because im not using snip tools, whatever. I'm not playing sneakerNet with a usb stick and a 14 mile drive to post stuff. Unless it's really important.

mikeynags · Dec 12, 2020

Flintstone61 said:
I got it working with port forwarding on port 81, and the Blue Iris App. I tried the app for the first time today after watching the Blue iris support Youtube video. This is my practice platform Blue Iris home computer. My real Blue Iris is at a Condo. I am the Site manager. It's not allowed on the internet. mostly because it's not available at my rack where I manage 26 cameras. People seem to cringe when i post iphone pics of the setup because im not using snip tools, whatever. I'm not playing sneakerNet with a usb stick and a 14 mile drive to post stuff. Unless it's really important.

What is the point of your post? My apologies, but I am struggling to understand what you are saying and how it relates to this thread....

looney2ns · Dec 12, 2020

Flintstone61 said:
I got it working with port forwarding on port 81, and the Blue Iris App. I tried the app for the first time today after watching the Blue iris support Youtube video. This is my practice platform Blue Iris home computer. My real Blue Iris is at a Condo. I am the Site manager. It's not allowed on the internet. mostly because it's not available at my rack where I manage 26 cameras. People seem to cringe when i post iphone pics of the setup because im not using snip tools, whatever. I'm not playing sneakerNet with a usb stick and a 14 mile drive to post stuff. Unless it's really important.

Do what???
Do not forward ports.

Flintstone61 · Dec 12, 2020

Sorry guys, I was blathering on about unrelated stuff. I dont get why Blue iris would have a you tube tutorial on port 81 if its so flawed

mikeynags · Dec 12, 2020

Flintstone61 said:
Sorry guys, I was blathering on about unrelated stuff. I dont get why Blue iris would have a you tube tutorial on port 81 if its so flawed

It has nothing to do with Blue Iris really, it's more about general Internet security. Opening ports to expose services invites other nefarious types that wanna see what you have on the network that they can potentially use to gain a foothold and do bad things to you or use your network for other activities.

wittaj · Dec 12, 2020

Same reason Ring and Nest and Arlos use UPnP and such - makes it easy for the unknowing consumer or one that doesn't care and just wants easy.

You will find many on this site that also don't use or trust Alexa for the same reason...

Flintstone61 · Dec 12, 2020

So is the Blue Iris App capable of accessing your cams thru a VPN then?

wittaj · Dec 12, 2020

^Yes it is - if it is the proper VPN that is on your home network and not one of the paid ones that is intended to hide your IP address.

SouthernYankee · Dec 12, 2020

More on security. Your cameras should not have direct access to the internet. It is recommended that the cameras be on a separate network (subnet) with out access to the internet. Or if using BI use a second NIC and set up a separate network. Some routers allow you the block devices based upon there MAC address, but some chinese hack cheapo cameras spoof the mac address to get around this block.

I use no IOT devices. as always wifi can be jammed or blocked easily.

SouthernYankee · Dec 12, 2020

for the second time today....

-----------------------------------------------
My general VPN post
There are two types of VPN, do not get them confused.
The type depends on where the traffic conversation (traffic) originates

1) origination: local home network, destination the internet.
This type of VPN is purpose to hides your activity from the internet, it is outbound, it normally costs a monthly fee to use. Direction is from your home PC to the internet, going to your bank, google, porn sites,,,, this not what you want. This VPN uses a VPN server that is in the middle of your communications.

2) Origination: the internet world wide web, destination: your home network.
This VPN type is used to provide a secure connection onto your local network, in bound to you local home network, from your office computer, your cell phone in your car, tablet at the coffee shop.. This is what you want, it does not have a monthly fee and is normally completely free. OpenVPN is this type of VPN.

If your home internet provider is a cellular network, then DDNS (dynamic Domain Name System) may not work, the DDNS is needed for most Inbound VPN services (OpenVpn) to get your home IP address (it is not static) so OpenVPN may not work for you.

A video on the paid VPN.
------------------------------------------------------
Hacked VPNs

Report: No-Log VPNs Reveal Users' Personal Data and Logs

A group of free VPN (virtual private network) apps left their server completely open and accessible, exposing private user data for anyone to see. This lack of basic security

www.vpnmentor.com

Naked Security – Sophos News

nakedsecurity.sophos.com

-----------------------------------------------------

Dave Rolewicz · Dec 14, 2020

What VPN router would you recommend? Lots of bells and whistles that I probably never use. I like how the interface shows how much data each host is using.
ASUS RT-AC5300 AC5300 ???

looney2ns · Dec 14, 2020

https://www.amazon.com/dp/B00FB45SI4/ref=cm_sw_r_cp_apa_fabc_Q7-1FbDHV02AE

Flintstone61 · Dec 14, 2020

I feel like I’m reaching my pinnacle of comprehension this week. Now i’m going to play around with openVPN and blue iris app. Before i can unleash a BI system on my housemates, i need to understand it backwards and forwards, because,,,,i’m goung to end up being tech support. english is not their first lang.

SouthernYankee · Dec 14, 2020

^^^^^ @looney2ns .

Flintstone61 · Dec 14, 2020

I put the furniture from Ikea together and then pull the instructions out of the trash when it all gets Hairy.

Flintstone61 · Dec 14, 2020

Flintstone61 said:
I put the furniture from Ikea together and then pull the instructions out of the trash when it all gets Hairy.

Ok Ok Ok I'm wiki'ing my ass over to VPN for Noobs......thx

th182 · Dec 14, 2020

Just to add. If you have CenturyLink as your internet provider, for $10/month they will give you a static IP address. You have to go through several layers of customer service representatives until they understand what an IP address is and what you mean by Static, but it’s possible.

Likely not a worthy expense for accessing your cameras, but if you have access your home network enough or can’t use dynamic DNS for whatever reason, it’s an option.

Sent from my iPhone using Tapatalk

Search

DOS attack's

Dave Rolewicz

n3wb

alastairstevenson

How to Secure Your Network (Don't Get Hacked!)

Dave Rolewicz

n3wb

How to Secure Your Network (Don't Get Hacked!)

Flintstone61

Known around here

mikeynags

Known around here

looney2ns

Flintstone61

Known around here

mikeynags

Known around here

wittaj

Flintstone61

Known around here

wittaj

SouthernYankee

SouthernYankee

Report: No-Log VPNs Reveal Users' Personal Data and Logs

Naked Security – Sophos News

Dave Rolewicz

n3wb

looney2ns

Flintstone61

Known around here

SouthernYankee

Flintstone61

Known around here

Flintstone61

Known around here

th182

BIT Beta Team