jake.reynolds
Members-
Content Count
6 -
Joined
-
Last visited
Community Reputation
0 Neutral-
I'm looking for a DVR recommendation. I had my house built with siamese coax (in 2008) for a CCTV system. I first had an AVTECH DVR. I always hated the web interface, which made me run an old ActiveX control using Internet Explorer. I upgraded to a Dahua-based DVR and found it extremely insecure, to the point that I wrote a widely-known exploit tool for them (https://depthsecurity.com/blog/dahua-dvr-authentication-bypass-cve-2013-6117, https://www.rapid7.com/db/modules/auxiliary/scanner/misc/dahua_dvr_auth_bypass). You shouldn't be poking holes in your firewalls for remote access to any of these DVRs in my opinion. Cloud is ok because that's outbound traffic from your network. I took the Dahua off the internet so it was only available internally but at analog resolution, it's nearly unusable. If I would have scrutinized my AVTECH the same way, I'm sure I would have found similar flaws. Anyway, I just bought a "Lorex by Flir" 8ch 1080P analog DVR, set it up, and found out it's just another Dahua, albeit with better resolution and supporting better cameras. Is there any development going on with analog DVRs besides increasing resolutions? It seems like everything stopped 10 years ago. I don't see any HD-capable analog capture cards either. Please correct me if I'm wrong. Here's my DVR wishlist: Needs to be 8 x 1080p x 15-30 frames capable over coax. Needs to support a variety of reasonably decent 1080p analog cameras (wide-angle, remote zoom, ptz, etc) Would like a native, HTML5, browser-based web interface to DVR, rather than buggy Windows/Mac-installed CMS software. No Java/Flash/ActiveX/Silverlight/Plugin BS required for web interface. Just native HTML. Needs a solid mobile app. Can edit any configuration element from app/web interface rather than requiring you to be at the console with a mouse. Needs to be cloud capable (I have gigabit internet at home) with a reputable service that actually works. Would like the ability to recap video based on event timeline rather than being stuck looking at 12 hours of footage at 8X fast-forward. Does anything like this exist? Should I just keep the Lorex because that's as good as I'm going to get? Should I just ditch analog and go IP? If so, should I replace my coax with CAT5/6? Are IP cams with baluns over coax a workable solution, or something to stay away from?
-
My apologizes if this is a re-post but has everyone heard about the vulnerabilities in Ray Sharp DVRs as well as rebranded DVR products by Swann, Lorex, URMET, KGuard, Defender, DEAPA/DSP Cop, SVAT, Zmodo, BCS, Bolide, EyeForce, Atlantis, Protectron, Greatek, Soyo, Hi-View, Cosmos, and J2000? http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html https://community.rapid7.com/community/metasploit/blog/2013/01/28/ray-sharp-cctv-dvr-password-retrieval-remote-root Basically, if you use one of these devices, you probably ought not port-forward TCP 9000 from the internet unless you are restricting access by source. Changing this port might add a bit of security through obscurity but you'd still be totally vulnerable. Possible attacks include accessing clear-text admin passwords, creepy unauthorized access with said account, as well as using the DVR as a pivot point for attacking other internal network resources, e.g. your laptop, iPhone, PC, and whatever else. There's already a Metasploit aux/scanner module to discover vulnerable systems and dump the admin password. As far as I know neither Ray Sharp nor the rebranders have responded to this. I wouldn't be surprised if they never do. I've always wondered how many inadvertent (vulnerabilities) and purposeful (backdoors) security issues there are in these ubiquitous, cheap, poorly-developed DVRs. I've had avtech and dahua DVRs myself. Although it's hard to beat the value of these cheap devices, it's just a matter of time before more and more of these severe remote vulnerabilities are found as they become more prevalent. Let's just hope that the good guys (researchers) find them before those who would use them for their own nefarious purposes. Jake
-
Thanks a lot for your response. Cool, so if you were in my position would you even bother upgrading the AV760 other than for increased channels? If I'm not going to get any better recording quality and image quality is 100% cameras then I might as well not bother unless I really want 8 channels. Thanks for the info. Coincidentally, this is this price range I had in mind when I upgrade my cameras. Only problem is that a couple of these cams have nearly zero ambient light, i.e. no street lights around. By the looks of the pics I saw of this camera operating at midnight it would still be better than the crappy $30.00 IR cams I currently have. However, is there another camera you would recommend for very low light situations? I'd read about dual-CCD IR cams with one black/white CCD dedicated to night vision. Are those still inferior to the camera's you recommended? This is why I mentioned Logitech's cameras. My friends have them with regular cable modem internet access (~1mbps upstream). They have better quality than my cheap system and it all streams to the internet. For some reason, compression methods I'm sure, it doesn't seem to affect their bandwidth considerably. That said, I'm not going to be putting those in since I've already got the RG59 run.
-
Because my walls are priceless =). I actually don't have a ladder high enough to reach them so I've never adjusted them from my first guess.
-
One more pic since it would only allow me three on my original post.
-
I've got an AV760 4-ch DVR and some cheap, eBay, non-dome IR-lit cameras. I don't know the CCD or make of the cams but I believe they were around $150.00 for the four of them and they came from Taiwan if that helps you get a picture of the quality. I do believe they advertised a 1/3" Sony chip but that could be wrong. I built my home in 2008 and ran RG-59 siamese cable to four exterior wall locations. I have access to this DVR via the Internet and through my iPhone using an application called EagleEyes. This wasn't a bad system for what I paid and considering I had it back in 2008. But...I've been wanting better night vision ability for a while because the night vision on my current system isn't up to par. I'd also like better resolution if possible but I realize I'm kind of stuck with the maximum NTSC/PAL standards allow. I'd prefer not to redo my cable even though I know the benefits of IP over CAT5/6 with PoE. I'm also interested in getting an 8 channel DVR this time for a couple of interior cameras. The fact that my DVR is now saying "No HDD" also gives me a reason to replace the DVR if modern DVRs can provide better resolution than the setup I have. Otherwise I could replace the HDD. I've posted descriptions as well as screenshots of these below: 1. Watching the Front Door/Porch 2. Watching the Garage/Driveway/Front Yard 3. Watching my Side Garage 4. Watching my Basement Door/Backyard I have the following requirements: 1. 8 Channel analog DVR with best resolution possible using analog cameras. 2. DVR supports browser/iPhone remote access. 3. I need new cameras that, if possible, will allow me to identify faces even in the dark in the locations I've posted pics of. At the very least I need better night vision. 4. I would like some "cloud" solution or service where I can constantly stream my video to some other server on the internet in case the DVR burns up or gets taken. My partners at work have recently opted for Logitech cams and that service is very cool from this perspective. 5. I have no cable pulled but it would be nice to have a channel of audio, say, at my front door location. 6. My current cameras use individual AC adapter/injectors. It would be nice to have a 4 or 8 channel all-in-one device for this since they all terminate in the same spot. So my questions are: 1. With new DVRs and cameras is it possible to get better resolution than I'm getting even if I stick with analog? 2. If I spend more on cameras do you think I can get a lot better night vision in the spots I posted pics of? 3. Are there any DVRs manufacturers that provide/sell video server services so that you're constantly streaming your video across the internet to them? Something a little more turn-key than an FTP server... 4. What equipment/models would be the best value for my situation? Thanks in advance!