Subscriber Discussion

How To Identify Rogue Camera Devices?

UI
Undisclosed Integrator #1
Oct 17, 2017

Would there be any suggestions on how one could crawl an intranet across multiple segments in order to identify rogue camera devices?

Avatar
Brian Karas
Oct 17, 2017
IPVM

Do you know anything about the cameras you want to detect? Like brands used, ports open, etc?

You could start by just having your VMS scan for ONVIF devices for a quick check, and progress to doing a more complete scan with something like NMAP

If your network is well-managed, you should know what devices are in use, their MAC addresses, and where they connect to on network switches. Looking at discovered devices that appear to be unknowns would help you find any rogue hosts on the network, camera or not.

If your network is not well-managed, this could be a good time to do so, and setup things like SNMP alerts when a port is activated, etc.

 

(1)
UI
Undisclosed Integrator #1
Oct 18, 2017

Thanks Brian for responding.  I do hear your and can claim that our infrastructure is reasonably managed with a myriad of tools that detect rogue devices.  My action was to be able to scan and identify devices and use this information to justify standardization. 

One idea was to find a list of assigned MAC addresses by vendor and use that as a reference table. As we scan we can sort out the cameras from other devices. 

UI
Undisclosed Integrator #2
Oct 17, 2017

Try LANScanner, goes across subnets, get vendor from MAC, port scan, logged on users, SNMP info and even what switch port a device is plugged into.

LANScanner Download

IPVM Image

(4)
UI
Undisclosed Integrator #1
Oct 18, 2017

Thank you for the reply, I will see how these compare to our tools. By the way, this site is serving up unsecure web services, take care.

UI
Undisclosed Integrator #1
Oct 18, 2017

Just to clarify,  the site I am referring to is https://www.neptuscloud.com/

UI
Undisclosed Integrator #2
Oct 18, 2017

Thanks for that, should be ok now..

MM
Michael Miller
Oct 18, 2017

This solution is not cheap but it is awesome.  Have a look a the Netscout Optiview XG.  Not only will it scan for any device on your network across all subnets, show you which port the device is plugged into and built a network map of how your devices are physically connected. 

If you don't have a DHCP server on the network it will automatically scan the network and tell you an open IP address even if you don't know what subnets are used. 

 

(1)
New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions