IP camera streaming to app without any open ports

0

I have three no-name IP cameras that I have been fooling around with. Previous ones came with a webserver that used UPnP to make them accessible outside my home network. These ones use an app, but I would like to disable all access to them except through something that I control.

I looked at my UPnP table and they were not being forwarded there, and I also have not enabled any port forwarding on my router for them. I did a scan of my network from an outside network and the only ports I have exposed are those that I have set up manually. Even after completely disabling UPnP the cameras are still streaming to the app and accessible outside my network.

On my local network the camera has these ports open:

PORT     STATE SERVICE
23/tcp   open  telnet
80/tcp   open  http
554/tcp  open  rtsp
843/tcp  open  unknown
5050/tcp open  mmcc
7103/tcp open  unknown
8001/tcp open  vcom-tunnel

I can access the OS of the camera with 23 and I know 80 is for the ONVIF and 554 is the stream, so I am assuming part of the issue is with the other 4 ports. Any suggestions on figuring out how this camera is smuggling data out of my network?

jeffpkamp

Posted 2020-01-25T19:24:49.737

Reputation: 121

Yup, it's phoning home (to China probably?). They most likely have a server set up to get around home users' NAT configurations. I.e. the camera logs in to the server (it has no outbound restrictions in the home firewall), the phone app does the same, and the server interconnects them both – Tim_Stewart – 2020-01-25T19:40:46.370

2

@Tim_Stewart figured it can send outbound traffic without issue, but how does it get the pan/tilt commands back in? ... never mind, I'm realizing sockets are two-way connections... So I need to set up a firewall restriction on its IP – jeffpkamp – 2020-01-25T19:44:23.250

The same way, the camera will have a static outbound port, the internal port will be random usually. The router is keeping track of the conversations and port numbers, so it's bi-directional communication. The server is passing the commands from the app down the same communications channel that the camera originally opened in the firewall. – Tim_Stewart – 2020-01-25T19:48:45.753

1

example: UDP hole punching and/or TCP hole punching with the help of an outside 3rd party. Two systems both behind NAT can then directly connect (without data flowing through the 3rd party). Try: https://appr.tc/ (which is the 3rd party, and uses WebRTC features to do the hole punching).

– A.B – 2020-01-25T19:49:37.473

No answers
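To follow up on the question of how to find the camera's way out, and on the comments' point that it is the camera itself that opens the outbound connection which the router then tracks, here is an added example (not from the question author or the commenters) that scans Linux `conntrack -L`-style connection-table entries and lists the connections a given LAN device initiated toward addresses outside the LAN. The camera address 192.168.1.50 and the four sample entries are constructed for the example; on a real Linux router you would feed it the actual output of `conntrack -L` (or the connection table your router exposes).

```python
"""Find connections a LAN device initiated to non-LAN destinations.

Parses conntrack-style entries: the first src=/dst=/sport=/dport= group is the
original (initiating) direction, the second group is the reply direction as
seen after NAT. A device with "no open ports" can still have a live session to
the outside if it opened that session itself.
"""
import ipaddress
import re

CAMERA_IP = "192.168.1.50"  # assumed LAN address of the camera (constructed)

# Constructed sample in the layout of `conntrack -L`; not a real capture.
SAMPLE_CONNTRACK = """\
tcp      6 431999 ESTABLISHED src=192.168.1.50 dst=203.0.113.10 sport=40215 dport=7103 src=203.0.113.10 dst=198.51.100.7 sport=7103 dport=40215 [ASSURED] mark=0 use=1
udp      17 29 src=192.168.1.50 dst=203.0.113.11 sport=5050 dport=5050 src=203.0.113.11 dst=198.51.100.7 sport=5050 dport=5050 [ASSURED] mark=0 use=1
tcp      6 120 ESTABLISHED src=192.168.1.20 dst=192.168.1.50 sport=51234 dport=554 src=192.168.1.50 dst=192.168.1.20 sport=554 dport=51234 [ASSURED] mark=0 use=1
udp      17 10 src=192.168.1.50 dst=192.168.1.1 sport=51000 dport=53 src=192.168.1.1 dst=192.168.1.50 sport=53 dport=51000 mark=0 use=1
"""

# Address ranges considered "inside the house": RFC 1918, loopback, link-local
# and multicast (cameras use multicast for SSDP/ONVIF discovery).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4",
)]

# Matches the original-direction tuple; the state field (ESTABLISHED, ...) is
# only present for TCP, hence optional.
ORIG_RE = re.compile(
    r"^(?P<proto>\w+)\s+\d+\s+\d+\s+(?:(?P<state>[A-Z_]+)\s+)?"
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+sport=(?P<sport>\d+)\s+dport=(?P<dport>\d+)"
)


def is_local(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)


def parse_conntrack(text: str) -> list:
    """Return one dict per entry with the initiating direction only."""
    flows = []
    for line in text.splitlines():
        m = ORIG_RE.match(line)
        if not m:
            continue  # skip blank or unrecognised lines
        d = m.groupdict()
        flows.append({
            "proto": d["proto"], "src": d["src"], "dst": d["dst"],
            "sport": int(d["sport"]), "dport": int(d["dport"]),
        })
    return flows


def outbound_to_internet(flows: list, device_ip: str) -> list:
    """(proto, dst, dport) for every session the device opened to a non-LAN address."""
    return [
        (f["proto"], f["dst"], f["dport"])
        for f in flows
        if f["src"] == device_ip and not is_local(f["dst"])
    ]


if __name__ == "__main__":
    for proto, dst, dport in outbound_to_internet(parse_conntrack(SAMPLE_CONNTRACK), CAMERA_IP):
        print(f"{CAMERA_IP} -> {dst}:{dport}/{proto}  (camera-initiated, leaves the LAN)")
```

In the constructed sample the camera holds a TCP session to 203.0.113.10:7103 and a UDP session to 203.0.113.11:5050 that it opened itself, while the inbound RTSP session on 554 comes from another LAN host and is not flagged. Those device-initiated sessions are what a firewall rule restricting the camera's IP to LAN destinations only (as the comments suggest) would cut; re-running the scan after adding the rule confirms nothing new appears in the table.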