Hi Everybody,
After reading about the privilege escalation vulnerability found in the Hikvision cameras, I thought I would take a detailed look at what my network camera is up to.
One of the good things about Mikrotik RouterOS is being able to see exactly what IP connections are happening at any time, both in and out, in real time.
I'm a more than a little concerned that my DS-2CD2342WD-I camera has a continually established outbound TCP connection to 52.20.73.96 on port 6800.
This address comes up as being in the USA;
52.20.73.96 IP Address Details - ipinfo.io
I've seen a thread about Hikvision NVRs establishing a connection to an Amazon AWS address, but not the cameras.
This seems a little suspicious, I'm going to sniff the traffic and see if I can tell what is going on.
I can easily block outgoing connections from my cameras IP address, does it really need access to the internet to operate?
Regards,
Lunokhod.
After reading about the privilege escalation vulnerability found in the Hikvision cameras, I thought I would take a detailed look at what my network camera is up to.
One of the good things about Mikrotik RouterOS is being able to see exactly what IP connections are happening at any time, both in and out, in real time.
I'm a more than a little concerned that my DS-2CD2342WD-I camera has a continually established outbound TCP connection to 52.20.73.96 on port 6800.
This address comes up as being in the USA;
52.20.73.96 IP Address Details - ipinfo.io
I've seen a thread about Hikvision NVRs establishing a connection to an Amazon AWS address, but not the cameras.
This seems a little suspicious, I'm going to sniff the traffic and see if I can tell what is going on.
I can easily block outgoing connections from my cameras IP address, does it really need access to the internet to operate?
Regards,
Lunokhod.