1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Security Camera Opens Up Port 80, Works When I Block It?

Discussion in 'General Security' started by ilovecats88, Dec 18, 2019.

Thread Status:
Not open for further replies.
Advertisement
  1. ilovecats88

    ilovecats88 Thread Starter

    Joined:
    Aug 16, 2012
    Messages:
    49
    I have a security camera made by Shenzhen Bilian Electronic Company, LTD. that I am able to view on my phone at home and off my network as well. I check my Netgear router logs frequently, and I noticed that the website pingma.qq.com:80 shows up all the time. I figured out this website is coming from my camera via my phone that has the camera app on it, even when I am not connected to my home network! So, I blocked port 80 on my router, and now when I check my router log, there's endless block messages that say [Service blocked: HTTP] from source 192.***.***.***. However, despite blocking port 80 which I'm assuming has something to do with my security camera's functionality, everything seems to be working fine.

    My questions are 1. Am I being hacked or something? and 2. Will the never-ending blocked messages in my router slow down my internet? Thank you.
     
  2. ilovecats88

    ilovecats88 Thread Starter

    Joined:
    Aug 16, 2012
    Messages:
    49
    Update: I had to unblock port 80 as it was making me unable to access a lot of websites. Is there any way for me to change the port my security camera is using? I have to access the settings through an app, and it really only lets you change the password. Is this just not a secure camera to use?
     
  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,815
    First Name:
    Karen
    Port 80 does indeed need to be used for general Internet access.

    It might help if you posted the exact make and model of the camera.
     
  4. Ciberblade

    Ciberblade Retired Moderator

    Joined:
    Sep 22, 2003
    Messages:
    16,279
    It is a Chinese site, and is not listed as malicious. I could dig a bit more with make/model, however I suspect it may be checking in for updates or the like. Yes port 80 is the primary communication port for internet access; your cameras video is likely using a different port for communication, which is why it remained working after blocking the port 80 traffic.
     
  5. ilovecats88

    ilovecats88 Thread Starter

    Joined:
    Aug 16, 2012
    Messages:
    49
    It's a Road Trip camera. I think the model number might be RT-6447-JB. There's not a whole lot of information about it online. I'm just trying to figure out why that port 80 website is constantly in the router log, like literally one after the other. Is there any way to make this camera more secure?
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,815
    First Name:
    Karen
  7. Ciberblade

    Ciberblade Retired Moderator

    Joined:
    Sep 22, 2003
    Messages:
    16,279
    Nice article, Cookiegal.

    Beyond that, I would isolate that it is in fact the camera causing this (I suspect that it is). Power it off...do the logs stop? You mentioned that you can check this camera via an app. This could be a heartbeat for that service. If you want to get really in depth, you could use a tool such as wireshark to capture and isolate the traffic to see what it is actually sending. Depends on how in depth you want to get with it and how enjoyable you find learning.

    The port forward is a good option...not just for clarity, but the security it provides.
     
  8. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,295
    I'm going to go out on a limb and say one should never buy into an unknown company that offers security devices. If you're using a security device, there's a reason why you're doing so. Would you hand the keys to your house or car to someone that just wears an official uniform with no idea who they are beyond that? This is what you're doing with these overseas/Chinese companies. Even known companies have security vulnerabilities which have been publicized. With these known companies at least you know they have an incentive to patch holes or to stay on top of current security practices. You have zero guarantee from a fly by night company.

    Port forwarding is false security. Most people only have a flat network in their home. What does port forwarding do? It punches holes in your firewall to allow for external access into your internal network. All SOHO brand routers/firewalls are just SPI (stateful packet inspection) firewalls. What this means is as long as the firewall sees matching traffic from source to destination (and vice versa) with matching port numbers, then the firewall will assume the traffic inbound is legitimate. The firewall doesn't care if say you expose port 8080 for HTTP/web traffic that the return traffic is someone sending non HTTP traffic that is out of character for normal web traffic. The firewall will happily just let it through. The only way to defend against this is to have a firewall which peers into the packet payload to examine the contents to ensure the payload lines up with what is to be expected. The only firewalls which can do this are DPI (deep packet inspection) firewalls. DPI firewalls are still in the domain of business/enterprises as the software running these firewalls are much more involved and the hardware required for proper performance is higher.

    I have security cameras which do not depend on cloud services and do not need to phone home for anything. I access my cameras by a VPN I run myself on my network. I know going to this extreme is not within the abilities of most home users. But it's what I feel is required for 100% security. No one can access my cameras unless they are authorized to use my VPN.
     
    Ciberblade likes this.
  9. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,876
    What is the model of your Netgear router?
     
  10. ilovecats88

    ilovecats88 Thread Starter

    Joined:
    Aug 16, 2012
    Messages:
    49
    WGR614v10

    Yes, the traffic stops when I unplug the camera and uninstall the app. Interestingly, so does traffic from several other websites, including nrc.tapas.net. Some Telegram websites were also only in my router log when the camera was running. I don't even use Telegram.
     
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1237379

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice