Starlight varifocal turret (IPC-HDW5231R-Z) Slow response

[M S]

I have got 2 cameras on the same POE switch and being accessed over wifi in a similar way. I am accessing them directly from their web interface on IE.

One of the camera is quite responsive and the LIVE screen or any other screen/webpage comes up in a very responsive manner. On the second camera same screens or pages like setup come after a delay of 1-2 seconds. Sometimes the live screen showing the video stream would go "Resource is limited, unable to open video stream" and then after a few seconds the stream would show up.

My questions is why the difference between response times between two cameras.

 

[nayr]

open a continuous ping to the trouble camera and see if your dropping packets.

 

[M S]

Good idea. Thanks. No dropped packets but some slow packets among the mix. Here is the report after few minutes of run

Ping statistics for 192.168.0.201:
Packets: Sent = 540, Received = 540, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 327ms, Average = 10ms

That maximum round trip of 327ms is not good. I will keep checking my network.

 

[Fruit]

You might have Mirai...(i know i do...)

Mirai (malware) - Wikipedia

 

[wantafastz28]

I have some hesitation on zoom in the web interface on all cameras from time to time...different cameras have different times, but nothing bad enough for me to get irritated about. It has done it on my ptz for turning left, a restart fixed it when I'm being impatient.

 

[M S]

@Fruit - you might as well be true. I have been seeing massive requests for ssh login in my router logs. Here is a sample

Feb 22 14:12:36 dropbear[21472]: Login attempt for nonexistent user from 185.15.144.111:62369
Feb 22 14:12:36 dropbear[21472]: Login attempt for nonexistent user from 185.15.144.111:62369
Feb 22 14:24:23 dropbear[22202]: Bad password attempt for 'admin' from 85.93.5.70:60608
Feb 22 14:24:26 dropbear[22203]: Bad password attempt for 'admin' from 85.93.5.68:41492
Feb 22 14:24:29 dropbear[22205]: Bad password attempt for 'admin' from 85.93.5.68:38280
Feb 22 14:29:47 dropbear[22500]: Login attempt for nonexistent user from 185.15.144.111:49324
.......
Feb 22 14:40:58 dropbear[23133]: Login attempt for nonexistent user from 111.207.202.5:16063
Feb 22 14:41:00 dropbear[23134]: Login attempt for nonexistent user from 111.207.202.5:16195
Feb 22 14:47:05 dropbear[23460]: Login attempt for nonexistent user from 185.15.144.111:52650
Feb 22 14:47:06 dropbear[23460]: Login attempt for nonexistent user from 185.15.144.111:52650
Feb 22 14:50:53 dropbear[23672]: Login attempt for nonexistent user from 46.148.18.163:46564
Feb 22 15:04:22 dropbear[24499]: Bad password attempt for 'admin' from 185.15.144.111:55866
Feb 22 15:07:03 dropbear[24634]: Login attempt for nonexistent user from 46.148.18.163:33237
Feb 22 15:38:50 dropbear[26420]: Login attempt for nonexistent user from 46.148.18.163:45448

I am unable to see how it got infected. I never opened any ports and used openvpn to check from outside.

What's worse is in my quest to rectify the sluggishness, I tried to update the firmware (it went to around 85% and got stuck after which I power cycled the camera by yanking cat6 from POE end) and seems like have partially bricked the camera. So far diagnosis is

- ping is working
- HTTP API commands over cgi are working. I am able to reboot, get params etc.
- I had setup email alerts with IVS rules. They are also working. Actually they seem to have gone into overdrive. I am getting like 40-50 alerts per hour. This might be just me creating some very generous IVS rule.
- But no web UI. All I get is a big fat "404 not found" when I visit http://<IP OF CAMERA>

Any ideas what have I done :-| Any pointers to correct this.

Thanks

 

[nayr]

Updating the firmware was a bad idea with network issues going on.
Download the firmware from the first post of: Dahua Starlight Varifocal Turret (IPC-HDW5231R-Z)
Download the Dahua ConfigTool v3, connect and login and try to push the firmware file that way.

but your gonna have to fix your network, close any forwards... turn off uPnP on your router, reboot everything

 

[M S]

@nayr - Thanks man. I owe you a beer. Ping next time you are in San Jose area. Configtool fixed it. Also took care of UPnP and made SSH as LAN only. Earlier logs I showed were for SSH login attempts (dropbear) Since port 22 was open on WAN for SSH, fine bots of the net kept hitting the wall. Hopefully it wasn't Mirai.

Thanks..

 

[nayr]

there's no telnet running on this new firmware so Mirai should be quite stifled even if you ignored all the warnings to change the default credentials.

create a backup/backdoor admin login for your self incase you get locked out of the main one (typo on a password = hammering incorrect credentials = lockout), they making it more difficult to get in and not even soldering on a reset button.

its good basic security practices though and nothing absurd, yet.. heh

 

[M S]

I did change the passwords while it was still on the factory coded ip. Totally agree on the basic security practices. Still I don't think I can get Mrs M S to use LastPass or similar.