Javascript is disabled. Enable javascript to view IPVM.
Contact us at info@ipvm.com for help.

Why Is A Bot Scanning For Hikvision Devices With DDNS Exposed?

John Honovich

•Dec 21, 2018

IPVM

Posted by a researcher monitoring for network abuse:

⚠️ WARNING ⚠️
Incoming scans detected from 47.88.12.62 looking for #Hikvision devices (IP cameras, DVRs) that have their DDNS settings exposed. pic.twitter.com/fedIweaEei
— Bad Packets Report (@bad_packets) December 20, 2018

Data shared:

Any ideas?

Reactions:

(2)

Undisclosed #1

•Dec 21, 2018

Sorry, I'm just bored.

Reactions:

(1)

Undisclosed #2

•Dec 21, 2018

IPVMU Certified

A call to arms?

Reactions:

Undisclosed Integrator #3

•Dec 21, 2018

*Looks for companies based in San Mateo*

Is GoPro trying to pick a fight?

Reactions:

(1)

Jay Hobdy

•Dec 24, 2018

IPVMU Certified

For those of us that rode the short bus to school, what does this mean?

I assume someone is scanning for Hik devices but do we know who? What would getting info about the DDNS status do?

Reactions:

Matthew Del Salto

•Dec 24, 2018

Hudson Security

Could easily be any of the servives that scans for open urls for known ip camera models. With a list of all the ddns hosts mapped to IP cameras exposes web based vectors behind firewalls ie the magic string attack we saw last year that reset the admin password or was able to see snapshots of video. There will always be someone scanning common ddns services for ip cameras. Keep your devices offline and only connected to a proper VMS!

Reactions:

Undisclosed #4

•Dec 26, 2018

I didn't know Marty was setting up shop in San Mateo!

Reactions:

New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions