cd650
Members-
Content Count
6 -
Joined
-
Last visited
Community Reputation
0 Neutral-
I am working with an HIK DS 590 DVR, it has 16 analogue and 2 ip cameras. The DVR has the full 18 cameras connected to it. The analogue cameras record on motion no problem, however the ip cameras will not. All the settings are the same for both ip and analogue cameras. Has anyone come across this?? Thanks
-
Yes thats true about the axis cameras. And there is an option fo me to set a ddns on the avtech which I have disabled because I have the sevice running on my outer router. I would like the company to tell me why the unit is going an http to google using a remote desktop protocol every minute on port 80 and then to a ddns address on port 80. I can assure you that I have nothing set on the unit to do this. This is something happening in the firmware. Why would the firmware be doing this? This is highly suspect, if I saw something on my company network doing this it would be switched off and sent back to the supplier if they could not offer a firmware with out this feature.
-
Sorry I'm not suggesting that it is strange because it resolved to your country. Because I find that because it is looking up the DDNS name it keeps changing, and at the moment the ip is in the states that it resolves to. And it is the DVR itself that is creating the outbound traffic. I have made sure that the ddns settings in the menu are disabled. What would be interesting to know is, who owns the checkip ddns name. Here are a few things I have come across. I am confinced that this is some knid of "I'm here" traffic that it is sending to googles search engine. Meaning if you know the right thing to search for you could find my DVR. Here are a few interesting links. One is about google hacking and dvrs and the other is a hacking book that ists avtech equipment. Now remenber my DVR is doing a google DNS search every 60 seconds 24/7, then it goes to www.google.com on port 80. Then 1 minute later it does it all again. Also it is doing a dns lookup to that checkip DDNS name and doing a port 80 connection to that as well. This is the firmware of the dvr doing this and nothing that I have set. http://videoalberto.wordpress.com/2008/03/05/hack-to-search-and-view-free-live-webcam-with-google-search/ http://en.wikipedia.org/wiki/Google_hacking http://books.google.co.uk/books?id=bvB1-MmhEjQC&pg=PA336&lpg=PA336&dq=Google+hacking+avtech&source=bl&ots=ejvr3rScwa&sig=uOIqgYpDA9Ac_p-KCgS6L3_Cvto&hl=en&ei=tIb3S77FKZL-0gSVkaHqBw&sa=X&oi=book_result&ct=result&resnum=2&ved=0CB0Q6AEwAQ#v=onepage&q&f=false
-
Well I have reported this to the company and the distributor over a week ago and I have heard nothing back. That in itself says that they dont want to comment on why this is happening. I came across a hacking book on google that had avtech equipment in it. I dont really want to pay £30- £40 for it so I dont know what it says about hacking it. But my firewall is full of logs because this thing tries to get to the internet by itself 24/7. Still no idea why. Perhaps I'm posting in the wrong fourm, I'll do some posting on the network security and hacking fourms. If I come across anything I'll put it on here.
-
Yes I know they can be set to use your own DDNS, but I have not set it up. There is a setting in the firmware that I have no access to senting out remote desktop protocols on port 80 to google and doing its own ddns to the west indies. To be honest I find this highly suspiscus. I work in network security, and the only time I see traffic like this would be from a pc with a virus or trojan on it. So whats going on here. Most people with normal routers would never see this traffic and even if they did they could not block it. The only reason that I can block this is because I'm using a Juniper netscreen firewall as well as my normal broadband router. Now this may or may not have any connection to this. But I have 3 IP addresses located in China keep hitting the DVR's port connecting to the internet. I have seen no actual login attempts yet, but something keeps checking that its there.
-
I have recently bought an Avtech DVR, I also have a Juniper netscreen firewall connecting me to the internet. Last week I noticed some strange traffic going to the internet. The DVR seems to do a DNS lookup for google every minute, then do an HTTP connection on port 80. I decided to run a packet sniffer on the traffic and I noticed that the port 80 traffic had a protocol called carrius-rshell contained in it. If you check the internet you will see that this is a remote desktop protocol. Then I noticed that it was doing DNS lookups for a host checkip.dydns.org which resolved to 208.87.33.151. Now this is where it gets even stranger. This IP address is registered to a company called Secure Hosting Ltd based in Bahamas(BS) in region Caribbean and West Indies. I only found that last one earlier today. So at the minute I have set a rule on my firewall allowing it to do the dns lookup and to beable to connect to the 208 address. I also have a packet sniffer running so that I can see what traffic is going to it once it makes contact with it. I will post back once I know. But has anyone else saw anything like this. What would be the point in a standalone DVr contacting google every minute and contacting an ip address in the Bahamas?? Is ther a back door into these things and its registering itself with some third party giving my ip address??