james99
Getting the hang of it
- Joined
- Jun 20, 2015
- Messages
- 129
- Reaction score
- 8
Who is watching you? Russian website puts local cameras online
- Thread starter james99
- Start date
nayr
IPCT Contributor
This is one of many reasons why you dont forward ports, setup a VPN or dont connect remotely, then for good measure firewall the cameras off from all access too and from the internet.. as connections coming through VPN wont be originating from the internet as far as the firewall is concerned.
Del Boy
Getting comfortable
I've got the ultimate firewall. An air gap.
Unless I go on holidays, in which case I rely on not forwarding ports. Didn't think of VPN and having a local IP filter.
Unless I go on holidays, in which case I rely on not forwarding ports. Didn't think of VPN and having a local IP filter.
Many cameras set up port forwards in your router without your knowledge or consent, using UPnP. I advise that the UPnP be disabled in the router to prevent this.
wxman
Pulling my weight
While I can understand it being a big issue with cameras inside ones home, I don't really see that big of a deal with outdoor cameras. I mean, people driving by your house can see your yard. People in helicopters can see your yard. Anyone can get an old looks at your yard through landsat images and google street view. I don't know, maybe it's just me, but I really couldn't care less if someone wants to waste their time watching a live view of my yard....and anytime I'm at a public place, I would expect to be on camera at all times from one source or another.
nayr
IPCT Contributor
yeah but on street view I cant watch you pack up all your stuff and head off on a family holiday while I call up my boys and there moving truck..
its one thing having stale imagery of publicly viewable areas, its another thing to have live feeds all around your property.. google blurs out license plate numbers and faces, your security cameras provide alot more info on your security and activities.
its one thing having stale imagery of publicly viewable areas, its another thing to have live feeds all around your property.. google blurs out license plate numbers and faces, your security cameras provide alot more info on your security and activities.
wxman
Pulling my weight
License plate really isn't much of a secret. Anyone driving by the house or behind me on the road can easily see that. Maybe I don't have a good "criminal mind", but would seem to me if I wanted to rob a place, I would be deterred by finding out that the place has cameras broadcasting live on the web...To each his own, I guess...
nayr
IPCT Contributor
well I have a criminal mind, whatever that means, its why I am in security.. I can see the flaws in most any system and devise a way around em.. but im a white hat through and through.
all it takes is a $2 mask to defeat the cameras, and viewing online you know know all the locations, views, and blind spots of every camera... have you never seen an action movie where they hijack the cctv system to there own advantage? well now you dont even need to hijack it because your just giving it to them free and clear.. hell they can even stay inside safe knowing there are no cops or home owners sneaking up on em.. why would a criminal be afraid of some cheap Chinese cameras with a shitty view? they arent now, they know almost all residential cameras are made up of and they end up producing shit that cant be used for anything 9 times out of 10.. if you have cameras and all that security you must have something worthwhile to steal, mebe your a drug dealer and if not you more than likely to have a bunch of guns and cash on the property.. and its safer to take those when you know that the gun owner is away.
Go check out the capture section of these forums, alot of videos of criminals seeing the camera.. looking right into it, and then proceeding to not give a fuck and continue on like it was not even there... the majority of em who see em dont even react.
I'll tell you guys a true story, about 10 years ago I do my normal weekly visit to my drug dealer off Colfax.. I come in and displayed on the guys huge 70" TV is a whole array of security cameras and about 8 people hanging out there are watching them.. he then proceeds to show me this site he found that taught him to google for open CCTV cameras, and he found some ones setup.. about 28 cameras inside and out, all over the place.. you could tell it was very nice property, I inquire more into why they just watching it for leisure and they say the trophy wife walks around in the nude and the guy is obviously loaded with nice cars and they trying to figure out where he lives, they had already geo-ip looked up the IP and knew the city/state/zip code... I just shook my head, got my bag of dope and left.
and thats just the bored drug dealer and his cronies, not the neighbor you pissed off, former lover, or the gang bangers down the street whom might actually be targeting you and not just looking for opportunities.
thank your deities I can buy my shit legally now, have not had to buy a single bit cannabis off the black market in many years now...
all it takes is a $2 mask to defeat the cameras, and viewing online you know know all the locations, views, and blind spots of every camera... have you never seen an action movie where they hijack the cctv system to there own advantage? well now you dont even need to hijack it because your just giving it to them free and clear.. hell they can even stay inside safe knowing there are no cops or home owners sneaking up on em.. why would a criminal be afraid of some cheap Chinese cameras with a shitty view? they arent now, they know almost all residential cameras are made up of and they end up producing shit that cant be used for anything 9 times out of 10.. if you have cameras and all that security you must have something worthwhile to steal, mebe your a drug dealer and if not you more than likely to have a bunch of guns and cash on the property.. and its safer to take those when you know that the gun owner is away.
Go check out the capture section of these forums, alot of videos of criminals seeing the camera.. looking right into it, and then proceeding to not give a fuck and continue on like it was not even there... the majority of em who see em dont even react.
I'll tell you guys a true story, about 10 years ago I do my normal weekly visit to my drug dealer off Colfax.. I come in and displayed on the guys huge 70" TV is a whole array of security cameras and about 8 people hanging out there are watching them.. he then proceeds to show me this site he found that taught him to google for open CCTV cameras, and he found some ones setup.. about 28 cameras inside and out, all over the place.. you could tell it was very nice property, I inquire more into why they just watching it for leisure and they say the trophy wife walks around in the nude and the guy is obviously loaded with nice cars and they trying to figure out where he lives, they had already geo-ip looked up the IP and knew the city/state/zip code... I just shook my head, got my bag of dope and left.
and thats just the bored drug dealer and his cronies, not the neighbor you pissed off, former lover, or the gang bangers down the street whom might actually be targeting you and not just looking for opportunities.
thank your deities I can buy my shit legally now, have not had to buy a single bit cannabis off the black market in many years now...
Last edited by a moderator:
Thanks for that.. Got a new router wrt1900 ac..it could not have been easier to turn on vpn and the app. Amazing and access to cams away on any internet connection. Should i do that firewall for cams? I do not port forward like a used to but have no clue how to do that? Or vpn enough?
nayr
IPCT Contributor
if they can make an outbound connection to the internet that can be used as a backdoor into your network, if you can create a group of hosts containing all your camera's IP's then create a filter blocking all internet access from them.
copex
Getting the hang of it
you don't even have to be a hacker try going to Google and searching one of the lines below 
Stolen from hxxp://technocr.com/google-search-tricks/
JDWX
Getting the hang of it
With your expert knowledge, it would be a truly nice service if someday you wrote a "how to" article on securing the typical home setup. Like someone running Blue Iris that traditionally accesses the cams through that application on a smartphone etc. I have some ideas on how it works, but I'd be seriously thankful hearing some potential solutions to add security to a typical setup from an industry professional's point of view. At least as secure as it could be considering external access, lol..
~john
nayr
IPCT Contributor
I have not touched a Windows PC in decades, never even used BlueIris, therefore it would not be appropriate for me to write such a thing.. and there is no such thing as a typical home setup, its going to vary greatly depending on the hardware you have.
the best I can do is generic theory, and thats what I stated above.. I am a firm believer that security is near worthless if you dont understand it and use it correctly.. so a generic howto anything isint going to cut it, you have the entire internet at your disposal.. use it.
the best I can do is generic theory, and thats what I stated above.. I am a firm believer that security is near worthless if you dont understand it and use it correctly.. so a generic howto anything isint going to cut it, you have the entire internet at your disposal.. use it.
JDWX
Getting the hang of it
Unfortunately it's a vast internet with much misinformation. And even having a decent grip on networking etc, it can often be vexing to get exactly what is needed. Of course, they don't exactly teach this sort of thing in CCNA land, lol..
But I get what you mean.
But I get what you mean.
nayr
IPCT Contributor
If you can manage to forward ports, you can manage to setup a VPN Server and Clients.. presuming you have the capabilities already in your router like port forwarding.
They make all sorts of tech idiots use VPN to check there work email, from C level executives to Sales and Marketing.. by the hundreds of thousands.
The biggest thing to avoid is the confusion between paying someone else to run a VPN Server so you can hide your IP/Location, usefull for viewing content not avilable in your country.. and running your own vpn server on your own network so you can get full access while remote.
They make all sorts of tech idiots use VPN to check there work email, from C level executives to Sales and Marketing.. by the hundreds of thousands.
The biggest thing to avoid is the confusion between paying someone else to run a VPN Server so you can hide your IP/Location, usefull for viewing content not avilable in your country.. and running your own vpn server on your own network so you can get full access while remote.
copex
Getting the hang of it
Hit the nail firmly on the head
you could try the following in Google "youtube: setup vpn" with out quotes
strong password or even better password phrases, the biggest issue is secure VPN but week password and not using challenge and response 2factor ect but when you find secureVPNs then there are normally week wifi access or wifi CCTV cameras that can be deauthed and allowed to connect to a fake AP or Rouge APs and so it gos on.......... So a How to article becomes a Network security tutorial, most issues could be prevented with Common scene
Can you point someone where to start looking to "understand?" I'm pretty tech savvy, but my mind goes numb whenever I read about ports, tunneling and protocols. By your standard, I'm probably not tech savvy, but I've written several applications, built a dozen or so computers, installed few home networks. None of it setup for remote access... so... huge gap when it comes to network security. I'm a surveillance newb btw. I'm only here because my psychopath (literal) neighbor has threatened to hurt my dogs. Somehow, he got it in his head that anything bad that happens in the neighborhood, I did it.
I could really use some direction here. If I just want a simple system setup with no access to the internet, can you bullet point for me what I need to read up on to lock down my system?
Thanks.
nayr
IPCT Contributor
Start at looking at your router, thats where everything has to be done.. read its docs, see if it has some open source firmware avilable.. you want to setup two things:
VPN Server
and if your really concerned, get a managed switch that supports VLAN's and start reading how to segment/subnet your local networks out so you can filter traffic locally (ie, prevent LAN computers from talking to cameras)
VPN Server
- If it has a VPN Server already installed, setting it up is often easier than forwarding ports.. you just turn it on and add a few users.. then setup/install client on phone and use the IP/DynDNS of your router + username&pass you made.
- Create individual logins per device, ie: username: ryans-mobile password: secure random password, set em up.. save the credentials and if the phone gets lost/stolen you can just delete 'ryans-mobile' user and not have to change every devices password.
- See if your router has host based groups, if so create a group with all the IP's of your cameras
- Create a rule to block all inbound/outbound traffic too/from your IPCamera group, place it first on the list of rules
- Add a rule above your block all rule to allow any exceptions, such as NTP Server access.. if nessicary.
- Make exceptions as minimal as possible, if you need DNS/NTP only allow connections to the IP's you have authorized and not any DNS/NTP.
and if your really concerned, get a managed switch that supports VLAN's and start reading how to segment/subnet your local networks out so you can filter traffic locally (ie, prevent LAN computers from talking to cameras)