Changing from the default ports to thwart Mirai/others

[seacoug 0]

Hello all,

 

I have a Q-see QC808 NVR unit with associated IP cameras that have been working great until recently. About two months ago the Internet slowed to a crawl and checking the logs on my router my NVR is constantly connecting to IP addresses I am unfamiliar with on port 3777.

 

I am not using the default password for the unit but I have not changed passwords/names for the individual cameras. I can still log in with my own user number and password. Q-see is of no help since the unit is about two years old and it is out of the support window. They did tell me that this equipment is vulnerable to Mirai (the botnet that brought down Dyn in October) and they are not offering any firmware to correct this problem.

 

What I was thinking of doing was suggested on a networking forum. I want to move off of the default ports of 3777 and 85 to something high that doesn't get probed routinely. My hopes are that my firewall will deny this IP access after multiple tries before it gets enough to the ports I have jumped up to. The other choice is a VPN which I would like to avoid if possible for the added complexity.

 

I am posting this to inquire if anyone knows what ports are a good substitute. Has anyone done this? I am not advanced in networking so any suggestions would be most appreciated. I think others with this vulnerability would also appreciate your thoughts.

 

Kind regards/thanks

 

seacoug

[GadgetAssistant 0]

Hello. If you are concerned about security and being compromised, you might want to consider just changing your ports almost as often as you might change your password. Anything from 2000 to 60000 should be fair game unless its assigned to some other device on the network.

[seacoug 0]

Thanks for the response. Will do. Is it necessary to change port 85 too? Are their limitations on what I can choose on that port?

 

This NVR is a round trip of three hours away so trial and error is painfully slow. I really appreciate your help. Thanks again

 

seacoug

[tomcctv 190]

Hi. Changing ports or a mirai attack is not going to help.

 

And with a 2 year old unit I don't think you have a mirai problem. Most of the problems of 2016 involved P2P setup which allowed things past your firewall

 

You need to open your network and check for open ports 20 to 29 you should block them.

 

 

If your router is old I would change that. The new range of netgear alerts you to anything which wants to alter your setting and logs and blocks suspicious threats.