How To Prevent Network Flood Attack On NVR?

Over a period of several weeks, we've received many service calls from the end user complaining about the IP cameras losing video in the early morning hours between 12 midnight and 2 am. The IT manager says the NVR had to be reset because, although the Windows 7 OS is up and running, the VMS doesn't show any live cameras on-screen and had to be hard-reset to pull up the cameras again automatically.

Upon on-site audit: by checking the videos of the IT room, no one was seen entering this room at those hours. In the end, the security integrator was told by us to take immediate measures so as to discard the possibility of blackouts or undervoltages in the 110V electrical supply that no one is aware of during those night hours; we instructed him to connect the USB data port cable to feed the PowerChute software, which can then log any electric power incident.

Having said that, we're still highly suspicious of possible rogue behavior from internal IT personnel.

- Is it possible that some unauthorized employee on the LAN is "flooding" the NVR's network card (or IP address for that matter) with excessive requests to cause a denial of service from the NVR? (Since the NVR has a private IP address from the LAN, it may be easily discoverable using an IP scanner, and anyone can easily see that the web server is running on port 80.) We also think that if the IT employees have remote access back to the company's network, they may very well do an attack remotely from home, an Internet cafe or elsewhere.

- If yes, can a hardware-based firewall prevent or at least minimize these incidents of internal flood attacks (as in putting a firewall between the NVR's PoE switch and the rest of the IT network and employees' PC workstations to restrict incoming requests)? I've been told by a colleague that Windows' OS firewall is essentially "useless" because if the OS is unstable, the software firewall comes crashing down along with the operating system.

- We were thinking first of completely isolating the security LAN equipment from the rest of the IT networks, but that would represent other political and day-to-day workflow challenges (the security boss' workstation is on the same LAN as the rest of the employees and has to be able to access live videos on a daily basis for investigation of daily incidents that occurred on the company's premises, the security boss depends on IT guys for technical assistance, etc. etc.).

