D-Link Forums
D-Link IP Cameras for Home => DCS series Network Cameras => Topic started by: RYAT3 on March 17, 2013, 09:25:14 PM
-
I've noticed several things...
if
a) my cable modem disconnects (i'm pretty sure)
b) my router drops
c) i unplug/plug in camera...
that any port forwarding is thrashed in the router that was setup with the "TEST" button... I'd have to locally log in, and hit the "TEST" button...
I enabled port forwarding in my router as to what the "test" button would do.. hopefully this will keep them open if any of the above happens.
(sorry, non dlink router):
(http://s18.postimage.org/ni3jsm3t1/router1.jpg) (http://postimage.org/image/ni3jsm3t1/)
2132L
(http://s18.postimage.org/8ank89byd/2132l.jpg) (http://postimage.org/image/8ank89byd/)
2230
(http://s18.postimage.org/67d50lc5h/2230.jpg) (http://postimage.org/image/67d50lc5h/)
5222L
(http://s18.postimage.org/ee54s6285/5222l.jpg) (http://postimage.org/image/ee54s6285/)
-
At any rate, has there been any confirmed DCS camera hacks?
I guess I should make my passwords stronger than 11 chars...
I once had open my external FTP port to my desktop FTP server.... using it to transfer files between computers (long story about my previous router issues that I didn't understand)...
Anyways, I wake up in the morning, and saw someone was trying to login as admin all night long... (no such account existed)...
The logfile system on the cameras only show successful attempts, never any failed attempts.
well I hope this helps some one out there...
*note, the local ports can remain :80 regular http:// port... I was just playing around, testing things out.
But my router is now routing from the exposed external ports, to the dlink cameras running on the local ports.
-
Actually, my concern is two-fold with these cameras:
1. The default configuration has NO password for streaming video. So, regardless of what the admin password happens to be, you can point QuickTime or Windows Media Player at rtsp://yourip:554/play1.sdp, for example, and get a video stream with no password.
2. There is no SSL support whatsoever in the DCS-942L, so passwords are sent in cleartext. If you access the camera's web server on an untrusted network, you open yourself to password sniffing.
-
Actually, my concern is two-fold with these cameras:
1. The default configuration has NO password for streaming video. So, regardless of what the admin password happens to be, you can point QuickTime or Windows Media Player at rtsp://yourip:554/play1.sdp, for example, and get a video stream with no password.
2. There is no SSL support whatsoever in the DCS-942L, so passwords are sent in cleartext. If you access the camera's web server on an untrusted network, you open yourself to password sniffing.
I did some quick googling and came upon a white paper.
guest/guest works as a password on 2132L and 2230. 5222L does not allow guest/guest.
http://forums.dlink.com/index.php?topic=53154.0
I have RTSP disabled. I don't know what I would need that for.
-
"I have RTSP disabled. I don't know what I would need that for."
Answer: To view the live stream. (The Java applet on the integrated Web server on the DCS-942L connects to port 554 to stream the feed.)