Subscriber Discussion

Illegal Access Attempt From China At Dahua Recorders

Undisclosed Integrator #1
Dec 02, 2016

Tonight, I received numerous e-mail alerts from my customers Dahua DVRs & NVRs. They were all Illegal Login @ 12-1-16 @ 21:17 hrs. The illegal address that attempted to air access was 183.129.160.229. A Google search of this address is from China Telecom. Please pass on

Undisclosed #2
Dec 02, 2016
IPVMU Certified

I received numerous alerts from my customers Dahua DVRs & NVRs.

So you had multiple customers attacked from the same exact IP at the same exact time?

Jon Dillabaugh
Dec 02, 2016
Pro Focus LLC

Why is that hard to believe? Scripts can run on a single host simultaneously from the same public IP. Why would that be strange?

Undisclosed #2
Dec 02, 2016
IPVMU Certified

Not impossible of course, but it seems unlikely unless the target IPs are related.

For instance, if you had 100 Dahua customers with multiple ISPs and unrelated IP ranges, and only 10 of them had attempted breaches, but all of those 10 were at the exact same second, it would imply a single server was attacking a massive number of hosts in just that second.

Though it might be a single source IP spoofed by many servers.

You would also win Ethan's NTP sync award of the year :)

The reason I asked for clarification was because of this and the fact that he may have intended "customer's" instead of "customers".

Undisclosed Integrator #1
Dec 02, 2016

Yes, attached is a screen shot from the alert. I don't think they were able to gain access because all default passwords are always changed.

Alarm Event: Illegal Login
Alarm Start Time(D/M/Y H:M:S): 01/12/2016 21:16:47
Alarm Device Name: HCVR

Undisclosed #2
Dec 02, 2016
IPVMU Certified

Did the screen shot come thru?

John Honovich
Dec 02, 2016
IPVM

According to whatismyipaddress, this IP address is from Hangzhou (coincidentally Dahua's home city) and has a record of hacking attempts:

I have submitted this to Dahua's cybersecurity email.

Undisclosed Integrator #1
Dec 02, 2016

Thank you
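
Added example, not part of the thread and not Dahua's code: a small correlator that parses the three alert fields quoted above and reports when several sites logged Illegal Login within the same short window, which is the question raised about simultaneous attempts. The site labels, the 60-second window, the three-site threshold and the sample alerts are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Field names exactly as they appear in the alert text quoted in the thread.
FIELD = re.compile(
    r"^(Alarm Event|Alarm Start Time\(D/M/Y H:M:S\)|Alarm Device Name):\s*(.+)$", re.M)

def parse_alert(body):
    """Parse one alert e-mail body; the timestamp is day-first (D/M/Y)."""
    f = {k: v.strip() for k, v in FIELD.findall(body)}
    start = datetime.strptime(f["Alarm Start Time(D/M/Y H:M:S)"], "%d/%m/%Y %H:%M:%S")
    return {"event": f["Alarm Event"], "start": start, "device": f["Alarm Device Name"]}

def find_bursts(alerts, window=timedelta(seconds=60), min_sites=3):
    """alerts: list of (site, parsed_alert). Returns [(first_seen, [sites])] for
    every window in which at least min_sites distinct sites logged Illegal Login."""
    hits = sorted((a["start"], site) for site, a in alerts if a["event"] == "Illegal Login")
    bursts, i = [], 0
    while i < len(hits):
        j = i
        while j < len(hits) and hits[j][0] - hits[i][0] <= window:
            j += 1
        sites = sorted({s for _, s in hits[i:j]})
        if len(sites) >= min_sites:
            bursts.append((hits[i][0], sites))
            i = j          # skip past the burst just reported
        else:
            i += 1
    return bursts

def make_body(when, device):
    """Build a constructed alert body with the field layout shown in the thread."""
    return (f"Alarm Event: Illegal Login\n"
            f"Alarm Start Time(D/M/Y H:M:S): {when}\n"
            f"Alarm Device Name: {device}\n")

# Constructed sample: site labels are hypothetical; recorder clocks differ by seconds.
SAMPLE = [
    ("site-a", make_body("01/12/2016 21:16:47", "HCVR")),
    ("site-b", make_body("01/12/2016 21:16:52", "NVR")),
    ("site-c", make_body("01/12/2016 21:17:05", "HCVR")),
    ("site-d", make_body("30/11/2016 03:10:00", "HCVR")),  # isolated attempt
]

def analyse(sample=SAMPLE):
    return find_bursts([(site, parse_alert(body)) for site, body in sample])

if __name__ == "__main__":
    for first_seen, sites in analyse():
        print(f"{first_seen:%Y-%m-%d %H:%M:%S}  {len(sites)} sites: {', '.join(sites)}")
```

A window rather than an exact-second match is used because recorders that are not NTP-synced will stamp the same sweep a few seconds apart.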
