4108-A2 connected to Internet anyone know what they are doing?

Revo2Maxx
Site Admin
Posts: 6726
Joined: Sat Jun 15, 2019 3:05 pm

4108-A2 connected to Internet anyone know what they are doing?

Post by Revo2Maxx »

So I have seen a lot of connections like this, and this just happens to be the one that has the most connections from different ports.

I removed the first part of the IP for privacy reasons. Why is the NVR not picking up and posting an Alert? I also have turned off Ping in the NVR. Is this person just trying to flood my port as a way to deny my access?

Code: Select all

[LAN access from remote] from XXX.XX.161.244:15646 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:05
[LAN access from remote] from XXX.XX.161.244:15644 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:04
[LAN access from remote] from XXX.XX.161.244:15642 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:04
[LAN access from remote] from XXX.XX.161.244:15638 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:04
[LAN access from remote] from XXX.XX.161.244:15636 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:04
[LAN access from remote] from XXX.XX.161.244:15634 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:04
[LAN access from remote] from XXX.XX.161.244:15628 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:04
[LAN access from remote] from XXX.XX.161.244:15614 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:04
[LAN access from remote] from XXX.XX.161.244:15608 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:04
[LAN access from remote] from XXX.XX.161.244:15604 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:04
[LAN access from remote] from XXX.XX.161.244:15602 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:04
[LAN access from remote] from XXX.XX.161.244:15598 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:03
[LAN access from remote] from XXX.XX.161.244:15594 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:03
[LAN access from remote] from XXX.XX.161.244:15588 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:03
[LAN access from remote] from XXX.XX.161.244:15586 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:03
[LAN access from remote] from XXX.XX.161.244:15584 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:03
[LAN access from remote] from XXX.XX.161.244:15582 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:03
[LAN access from remote] from XXX.XX.161.244:15578 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:03
[LAN access from remote] from XXX.XX.161.244:15562 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:03
[LAN access from remote] from XXX.XX.161.244:15556 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:03
[LAN access from remote] from XXX.XX.161.244:15554 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:03
[LAN access from remote] from XXX.XX.161.244:15552 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:03
[LAN access from remote] from XXX.XX.161.244:15550 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:02
[LAN access from remote] from XXX.XX.161.244:15546 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:02
[LAN access from remote] from XXX.XX.161.244:15542 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:02
[LAN access from remote] from XXX.XX.161.244:15538 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:02
[LAN access from remote] from XXX.XX.161.244:15536 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:02
[LAN access from remote] from XXX.XX.161.244:15530 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:02
[LAN access from remote] from XXX.XX.161.244:15518 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:02
[LAN access from remote] from XXX.XX.161.244:15506 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:02
[LAN access from remote] from XXX.XX.161.244:15370 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:02
[LAN access from remote] from XXX.XX.161.244:15280 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:02
[LAN access from remote] from XXX.XX.161.244:15278 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:02
[LAN access from remote] from XXX.XX.161.244:15276 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:01
[LAN access from remote] from XXX.XX.161.244:15274 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:01
[LAN access from remote] from XXX.XX.161.244:15268 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:01
[LAN access from remote] from XXX.XX.161.244:15264 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:01
[LAN access from remote] from XXX.XX.161.244:15260 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:01
[LAN access from remote] from XXX.XX.161.244:15252 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:01
[LAN access from remote] from XXX.XX.161.244:15234 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:01
[LAN access from remote] from XXX.XX.161.244:15232 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:01
[LAN access from remote] from XXX.XX.161.244:15230 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:01
[LAN access from remote] from XXX.XX.161.244:15228 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:01
[LAN access from remote] from XXX.XX.161.244:15226 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:00
[LAN access from remote] from XXX.XX.161.244:15222 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:00
[LAN access from remote] from XXX.XX.161.244:15220 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:00
[LAN access from remote] from XXX.XX.161.244:15218 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:00
[LAN access from remote] from XXX.XX.161.244:15216 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:00
[LAN access from remote] from XXX.XX.161.244:15214 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:00
[LAN access from remote] from XXX.XX.161.244:15206 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:00
[LAN access from remote] from XXX.XX.161.244:15198 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:00
[LAN access from remote] from XXX.XX.161.244:15196 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:00
[LAN access from remote] from XXX.XX.161.244:15194 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:00
[LAN access from remote] from XXX.XX.161.244:15190 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:00
[LAN access from remote] from XXX.XX.161.244:15188 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:59
[LAN access from remote] from XXX.XX.161.244:15186 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:59
[LAN access from remote] from XXX.XX.161.244:15182 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:59
[LAN access from remote] from XXX.XX.161.244:15180 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:59
[LAN access from remote] from XXX.XX.161.244:15178 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:59
[LAN access from remote] from XXX.XX.161.244:15168 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:59
[LAN access from remote] from XXX.XX.161.244:15164 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:59
[LAN access from remote] from XXX.XX.161.244:15144 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:59
[LAN access from remote] from XXX.XX.161.244:14902 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:59
[LAN access from remote] from XXX.XX.161.244:14900 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:59
[LAN access from remote] from XXX.XX.161.244:14898 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:59
[LAN access from remote] from XXX.XX.161.244:14896 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:58
[LAN access from remote] from XXX.XX.161.244:14894 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:58
[LAN access from remote] from XXX.XX.161.244:14888 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:58
[LAN access from remote] from XXX.XX.161.244:14886 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:58
[LAN access from remote] from XXX.XX.161.244:14884 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:58
[LAN access from remote] from XXX.XX.161.244:14880 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:58
[LAN access from remote] from XXX.XX.161.244:14868 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:58
[LAN access from remote] from XXX.XX.161.244:14856 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:58
[LAN access from remote] from XXX.XX.161.244:14854 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:58
[LAN access from remote] from XXX.XX.161.244:14852 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:58
[LAN access from remote] from XXX.XX.161.244:14850 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:57
[LAN access from remote] from XXX.XX.161.244:14848 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:57
[LAN access from remote] from XXX.XX.161.244:14846 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:57
[LAN access from remote] from XXX.XX.161.244:14844 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:57
[LAN access from remote] from XXX.XX.161.244:14842 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:57
[LAN access from remote] from XXX.XX.161.244:14840 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:57
[LAN access from remote] from XXX.XX.161.244:14838 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:57
[LAN access from remote] from XXX.XX.161.244:14832 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:57
[LAN access from remote] from XXX.XX.161.244:14828 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:57
[LAN access from remote] from XXX.XX.161.244:14826 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:57
[LAN access from remote] from XXX.XX.161.244:14824 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:57
[LAN access from remote] from XXX.XX.161.244:14822 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:56
[LAN access from remote] from XXX.XX.161.244:14820 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:56
[LAN access from remote] from XXX.XX.161.244:14816 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:56
[LAN access from remote] from XXX.XX.161.244:14814 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:56
[LAN access from remote] from XXX.XX.161.244:14812 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:56
[LAN access from remote] from XXX.XX.161.244:14810 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:56
[LAN access from remote] from XXX.XX.161.244:14802 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:56
[LAN access from remote] from XXX.XX.161.244:14794 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:56
[LAN access from remote] from XXX.XX.161.244:14606 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:56
[LAN access from remote] from XXX.XX.161.244:14544 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:56
[LAN access from remote] from XXX.XX.161.244:14542 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:56
[LAN access from remote] from XXX.XX.161.244:14540 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:55
[LAN access from remote] from XXX.XX.161.244:14538 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:55
[LAN access from remote] from XXX.XX.161.244:14530 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:55
[LAN access from remote] from XXX.XX.161.244:14528 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:55
[LAN access from remote] from XXX.XX.161.244:14524 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:55
[LAN access from remote] from XXX.XX.161.244:14516 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:55
[LAN access from remote] from XXX.XX.161.244:14510 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:55
[LAN access from remote] from XXX.XX.161.244:14496 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:55
[LAN access from remote] from XXX.XX.161.244:14492 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:55
[LAN access from remote] from XXX.XX.161.244:14490 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:55
[LAN access from remote] from XXX.XX.161.244:14484 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:55
[LAN access from remote] from XXX.XX.161.244:14480 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:54
[LAN access from remote] from XXX.XX.161.244:14478 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:54
[LAN access from remote] from XXX.XX.161.244:14474 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:54
[LAN access from remote] from XXX.XX.161.244:14472 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:54
[LAN access from remote] from XXX.XX.161.244:14470 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:54
[LAN access from remote] from XXX.XX.161.244:14466 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:54
[LAN access from remote] from XXX.XX.161.244:14464 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:54
[LAN access from remote] from XXX.XX.161.244:14454 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:54
[LAN access from remote] from XXX.XX.161.244:14452 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:54
[LAN access from remote] from XXX.XX.161.244:14450 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:54
[LAN access from remote] from XXX.XX.161.244:14446 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:54
[LAN access from remote] from XXX.XX.161.244:14444 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:53
[LAN access from remote] from XXX.XX.161.244:14440 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:53
[LAN access from remote] from XXX.XX.161.244:14438 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:53
[LAN access from remote] from XXX.XX.161.244:14436 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:53
[LAN access from remote] from XXX.XX.161.244:14432 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:53
[LAN access from remote] from XXX.XX.161.244:14426 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:53
[LAN access from remote] from XXX.XX.161.244:14420 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:53
[LAN access from remote] from XXX.XX.161.244:14412 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:53
[LAN access from remote] from XXX.XX.161.244:14386 to 10.0.0.245:80, Monday, Mar 18,2024 22:52:53
Be Safe.
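One way to turn a router log like the one in the post above into a per-source summary, as an added example that is not part of the original post. The sample lines are constructed in the same format, and the `YYY.YY.0.10` source, the non-matching line, and the burst threshold of 5 connections per second are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the router log format shown in the post
# (source addresses masked the same way the post masks them).
SAMPLE_LOG = """\
[LAN access from remote] from XXX.XX.161.244:15646 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:05
[LAN access from remote] from XXX.XX.161.244:15644 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:04
[LAN access from remote] from XXX.XX.161.244:15642 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:04
[LAN access from remote] from XXX.XX.161.244:15638 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:04
[LAN access from remote] from XXX.XX.161.244:15636 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:04
[LAN access from remote] from XXX.XX.161.244:15634 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:04
[LAN access from remote] from XXX.XX.161.244:15598 to 10.0.0.245:80, Monday, Mar 18,2024 22:53:03
[LAN access from remote] from YYY.YY.0.10:40112 to 10.0.0.245:80, Monday, Mar 18,2024 21:10:44
[admin login] from source 10.0.0.2, Monday, Mar 18,2024 21:00:00
"""

LINE_RE = re.compile(
    r"^\[LAN access from remote\] from (?P<src>\S+):(?P<sport>\d+) "
    r"to (?P<dst>\S+):(?P<dport>\d+), \w+, "
    r"(?P<ts>\w{3} \d{1,2},\d{4} \d{2}:\d{2}:\d{2})$"
)


def parse(log_text):
    """Return one dict per inbound-connection line; other lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"]),
            "ts": datetime.strptime(m["ts"], "%b %d,%Y %H:%M:%S"),
        })
    return events


def summarize(events, per_second_threshold=5):
    """Group by (source, destination, port) and flag high connection rates."""
    groups = {}
    for e in events:
        key = (e["src"], e["dst"], e["dport"])
        g = groups.setdefault(key, {"per_sec": Counter(), "sports": set()})
        g["per_sec"][e["ts"]] += 1      # log timestamps have 1 s resolution
        g["sports"].add(e["sport"])
    report = []
    for (src, dst, dport), g in groups.items():
        first, last = min(g["per_sec"]), max(g["per_sec"])
        peak = max(g["per_sec"].values())
        report.append({
            "src": src, "dst": dst, "dport": dport,
            "connections": sum(g["per_sec"].values()),
            "distinct_source_ports": len(g["sports"]),
            "span_seconds": int((last - first).total_seconds()) + 1,
            "peak_per_second": peak,
            "burst": peak >= per_second_threshold,
        })
    return sorted(report, key=lambda r: r["connections"], reverse=True)


if __name__ == "__main__":
    for row in summarize(parse(SAMPLE_LOG)):
        print(row)
```

Each log line is a separate TCP connection, so a source that opens many connections per second to port 80 from a new source port each time stands out in the `peak_per_second` and `distinct_source_ports` columns.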
sdDave
Posts: 23
Joined: Sun Oct 06, 2024 12:37 pm

Re: 4108-A2 connected to Internet anyone know what they are doing?

Post by sdDave »

Revo2Maxx wrote: Mon Mar 18, 2024 11:42 pm So I have seen a lot of connections like this, and this just happens to be the one that has the most connections from different ports.

I removed the first part of the IP for privacy reasons. Why is the NVR not picking up and posting an Alert? I also have turned off Ping in the NVR. Is this person just trying to flood my port as a way to deny my access?

If they are reaching the NVR at 10.0.0.245, and you are not trying to connect from an app, they have hacked the P2P and are trying to hack the NVR.

I would recommend regenerating the NVR's certificate and rebooting to see if they return (doubtful they do; if so, I recommend discontinuing any internet connection with the NVR). Because if it's not the P2P server and its normal operation, someone has hacked the app server and is trying to leverage access.
Revo2Maxx
Site Admin
Posts: 6726
Joined: Sat Jun 15, 2019 3:05 pm

Re: 4108-A2 connected to Internet anyone know what they are doing?

Post by Revo2Maxx »

No, no one was using my P2P to access this NVR. So what this post is about is me setting up my NVR to have Direct access to the Internet, AKA Open Ports, so that I personally could connect to the NVR over my Static Internet IP. This was done because there are so many people in the USA that have connected the camera and DVR/NVR to the internet, and I wanted to show that it isn't a good idea.

Here is the issue. When someone makes a connection to the Internet, most times they are not aware that there are a Bunch of TROLLS out there that spend hours and hours trying to hack people's connections. So one post I made some time ago was a Warning that I tried to make because there is someone with Amcrest cameras that are exposed to the Internet over RTSP. The issue is that the cameras are not at fault; the Owner of the cameras is using a different brand NVR that has open RTSP feeds, and people can access the feeds over RTSP and switch between channels just by changing the RTSP URL. I was testing to see how long it would take for someone to locate my Direct Connected device and try to Brute force attack it. In most cases it was less than 3 days. I have things in place and I watch well. When P2P is connected there is no proof that there was a connection made that you can find in network without having things in place that can follow the connection.

So 1 I was exposing my Devices to the internet to test the security of my devices. Reset my Devices back to factory before making these connections so I didn't expose my email passwords and other things that are different from my Security Devices passwords and didn't want them if they happen to gain access to get access to other things... Also had only 2 cameras connected and had them also setup with same password as the DVR/NVR so they couldn't gain any more insight into me or my way of life. Also the passwords used were setup in a way that would take a normal home user over 1000 years to crack. Now someone using a complex hacking rig might be able to over 800 days. I made my password after looking over 10 of the largest list of passwords out there and made sure that it was complex enough that it would take a long time. Then normally devices are setup to lock out a user that failed after so many tries and I would black list that IP as soon as it hit that limit. This was the first time someone ever had that many tries and I still don't understand what method they used, but it wasn't P2P. I find it odd that it was on my port 80 but failed to lock out after 3 tries that I set most of the systems to; others have 5 as the min. But I tested 10 different machines from Dahua, Amcrest, Hikvision and Hikvision OEMs.

So my post was to help others that expose their devices to the internet know that it really isn't a good idea. While I know in a post you talk about P2P being insecure, that isn't the case. P2P is more complex than people understand. Can someone access your P2P? Not without your help. There is no server that has the info from our devices. Your thought that there is a Server that is holding all the device details is not correct. What does happen is that when you setup your device using P2P the system does in fact, yes, touch base with a Network server to test that the SN used is in fact correct for Amcrest P2P service. Once it does this the device, be it DVR/NVR or IP camera, sends out a Hello; a Server then is listening for a Service Ping for that Device. Once ASP or AVP2 sends out a ping for service the server then makes a hand off to the device for the app to run on a tunnel service direct connection to the device as long as your UUID and the password is correct. There is no trail in your network that a connection is made because it is in a Complex Tunnel.

Smart home devices and IP security devices use 2 different types of P2P services. Smart home P2P uses a Server in the Middle; the Normal IP devices don't. Smart Home is Cloud Based; IP devices are normal IP P2P based. One of the issues that people keep falling on is back in like 2012-2015 and issues that could come about with the normal P2P and why some think it was insecure. Now with Amcrest and others using Encryption to connect there is little to no chance that someone can capture your info to get your password. While Cloud Based P2P like used for Smart Home products and some other services out there the data is still Encrypted, that isn't the issue. The problem is that seeing the data is served to a Data Server you have to trust the company you are using not to use that in a way that is against your personal security. Or That they don't have a Password that can unlock your data without you providing them with a password. Normal IP P2P the only thing the server is there for is to Keep an eye out for the Ping of your App and to make a Tunnel service that you can use to access the device outside of your own network. Device sends out a Hello, Server waits for Ping, once ping is found it hands off the 2 devices and the IP device you are connecting to is the Server and will accept or reject your connection if you don't use the right password. The Server does not see your data, store the data or ever see the password pass off between the 2 peers. One thing that Cloud Based systems can work to the benefit of the End user is that if the P2P hand off fails that data can still be passed because the server can have the data stored.
Be Safe.
sdDave
Posts: 23
Joined: Sun Oct 06, 2024 12:37 pm

Re: 4108-A2 connected to Internet anyone know what they are doing?

Post by sdDave »

Revo2Maxx wrote: Wed Oct 09, 2024 11:13 pm No, no one was using my P2P to access this NVR. So what this post is about is me setting up my NVR to have Direct access to the Internet, AKA Open Ports, so that I personally could connect to the NVR over my Static Internet IP. This was done because there are so many people in the USA that have connected the camera and DVR/NVR to the internet, and I wanted to show that it isn't a good idea.

Here is the issue. When someone makes a connection to the Internet, most times they are not aware that there are a Bunch of TROLLS out there that spend hours and hours trying to hack people's connections. So one post I made some time ago was a Warning that I tried to make because there is someone with Amcrest cameras that are exposed to the Internet over RTSP. The issue is that the cameras are not at fault; the Owner of the cameras is using a different brand NVR that has open RTSP feeds, and people can access the feeds over RTSP and switch between channels just by changing the RTSP URL. I was testing to see how long it would take for someone to locate my Direct Connected device and try to Brute force attack it. In most cases it was less than 3 days. I have things in place and I watch well. When P2P is connected there is no proof that there was a connection made that you can find in network without having things in place that can follow the connection.

So 1 I was exposing my Devices to the internet to test the security of my devices. Reset my Devices back to factory before making these connections so I didn't expose my email passwords and other things that are different from my Security Devices passwords and didn't want them if they happen to gain access to get access to other things... Also had only 2 cameras connected and had them also setup with same password as the DVR/NVR so they couldn't gain any more insight into me or my way of life. Also the passwords used were setup in a way that would take a normal home user over 1000 years to crack. Now someone using a complex hacking rig might be able to over 800 days. I made my password after looking over 10 of the largest list of passwords out there and made sure that it was complex enough that it would take a long time. Then normally devices are setup to lock out a user that failed after so many tries and I would black list that IP as soon as it hit that limit. This was the first time someone ever had that many tries and I still don't understand what method they used, but it wasn't P2P. I find it odd that it was on my port 80 but failed to lock out after 3 tries that I set most of the systems to; others have 5 as the min. But I tested 10 different machines from Dahua, Amcrest, Hikvision and Hikvision OEMs.

Oh ok, you did that deliberately to see if the botnet hackers can take over the camera.

Ok, you see, the password lockout routine in cameras only works if they are using the HTML form to enter the user and password. What they would use is query string hacking to code inject and thus bypass the password.

Code: Select all

rtsp://<username>:<password>@<IP address of device>:<RTSP port>/Streaming/channels/<channel number><stream number>

So for a simplified example of code injection: on the server side you have something like this code accepting the password:

Code: Select all

$username = $_POST["username"];
$password = $_POST["password"];

$sql = "SELECT * FROM Users WHERE username = \"" . $username . "\" AND password = \"" . $password . "\"";

The code example above is weak PHP usage, as the SQL statement is encapsulated in quotes and the HTML form info is directly loaded into a variable.

So a hacker uses the HTML form (or the target URL of the form) and inputs:

Code: Select all

invalid_user" OR "1"="1

With the hacker finding out that the query is encapsulated with ", the result of the rendered code on the server side is:

Code: Select all

SELECT * FROM Users WHERE username = "invalid_user" OR "1"="1" AND password = "invalid_pass" OR "1"="1"
Since 1=1 will always return a "true" logic, the hacker gains access.
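
The concatenated query from the post above next to a parameterized one, with a failure counter placed inside the authentication routine so it applies to every caller rather than only the HTML form. This is an added example, not code from the original post or from any camera firmware: it uses Python with an in-memory SQLite table instead of PHP, single quotes as the SQL string delimiter, and constructed names and values (`make_db`, `LockingAuthenticator`, the sample password, the `198.51.100.x` source addresses).

```python
import sqlite3
from collections import Counter

MAX_FAILURES = 3  # the 3-try limit mentioned earlier in the thread


def make_db():
    """Constructed one-user table; plaintext only to mirror the post's query."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (username TEXT, password TEXT)")
    db.execute("INSERT INTO Users VALUES ('admin', 'constructed-sample-pw')")
    return db


def login_concatenated(db, username, password):
    # Same flaw as the PHP in the post: form values become part of the SQL text.
    sql = ("SELECT * FROM Users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, username, password):
    # Placeholders send the values separately from the statement, so quote
    # characters in the input are compared as data and never parsed as SQL.
    sql = "SELECT * FROM Users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None


class LockingAuthenticator:
    """Counts failures per source inside the authentication routine itself,
    so the limit holds for any code path that ends up checking a password."""

    def __init__(self, db, max_failures=MAX_FAILURES):
        self.db = db
        self.max_failures = max_failures
        self.failures = Counter()

    def login(self, source, username, password):
        if self.failures[source] >= self.max_failures:
            return "locked"
        if login_parameterized(self.db, username, password):
            self.failures[source] = 0
            return "ok"
        self.failures[source] += 1
        return "denied"


if __name__ == "__main__":
    db = make_db()
    # The input from the post, with ' in place of " as the delimiter.
    user, pw = "invalid_user' OR '1'='1", "invalid_pass' OR '1'='1"
    print("concatenated :", login_concatenated(db, user, pw))
    print("parameterized:", login_parameterized(db, user, pw))
    auth = LockingAuthenticator(db)
    for i in range(4):
        print("attempt", i + 1, auth.login("198.51.100.7", "admin", "guess%d" % i))
```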
sdDave
Posts: 23
Joined: Sun Oct 06, 2024 12:37 pm

Re: 4108-A2 connected to Internet anyone know what they are doing?

Post by sdDave »

As far as P2P, you would have to packet inspect the WAN side, but what happens is the NVR opens a session to the P2P server and then the P2P server hands back to the NVR a client certificate for the session and the app end queries on the P2P server turns over the session connection of the P2P server to the app.

The golden egg is hacking the P2P server and gaining access to the users and NVRs listed in a database table. Once they are in, they can copy the database or set up a back door to access it, copy the server's TLS certificates, then can masquerade as the P2P server with IP data and instant access since they have access to the server's session cookies.