********* ** ******* *** ***** ****** even *** *** ***** *** *** not *** ** **** ********** *** believed ***** ******* **** '****' ****** firewalls.
*** ******* ** **** ***, **** specifically, *** ********* *** ********** **** UPnP **** *** *****.
** **** ****, ** **** ** the ******** ***** ** *********'* **** practices, ***** **** **** ***** ** reduce ** *** *************** **** **** remain.
********
**** *** **** *** ******, ******** confused *** ********* ***** **** ***** their ********* ** ******* ******. *** most ****** ******** **** ** *** camera ***** ******* '******':
** ***** *****, ******* *** ***** to ******* ********, ** ********* ** an ********** ** ** **** **********:
**** ******* **** ** ***** ***** is **** **** **** *** ***** of ******** ***** ******* ** *** public ********, *** ******** **********'* ************** ** **** *******, **** **** *** ********** ******* access ** ***** *******, ***** ** their **** ****** **** **** **** from ******** ******.
Vulnerability: **** *** *********
** *** ********** ** *** *****-********** discussion ***** ***, ***** ******** ************ time *** ****** ***************, ********* *** enabled **** *** ********* ** *******,** ** *********:
********* ******* ******* **** *** *********, automatically ******** ***** *** ******** ***** to ***** ******* ****** ***** *** May ****, *.*.* ********. **** ** a ************* ** *** *** *** combined **** ************ ********, ** ****** **** ******* ** anyone ****** *** ****** ********. ******** UPnP *** ********* ** *******, *** combining ** **** ** ******-********* ******** set ***** ******* ** *** ******. Attackers **** ********** ****, ******* ** large ******* ** ********* ******* ***** altered ** **** "******" **** ** the ***** ***** ** ***** ******** entirely ** ****** ***** ************* ***** out, ** *** **** * ****** loop.
Failed ** ******* **** ****
*********'* **** ************* ** ***'********* **********'************** ** ******* *** ***** ** UPnP. ******,********* ********* *** ************ ** ******* ****** ** **** behind ***** *******:
*** ************ ******** *********** ********** ******** ******* * ********* ***, Hikvision **** ********, ** *****-***** *** software. ** ****, ******** *** ************** ********* ** ******* ** ** open ** ****** ******, ******** *** risk ** *** ************* ********. ** date, ********* ***** ***** ** *** ******* ** malicious ****************** **** **** *************. [******** *****]
** ******, *** ***** *** ********** reports ** ********* ********, *********** ** many **** ** *********'* **** ****** and ***** ******* ** *********** ***** risks.
UPnP ******* ******** *.*.* *** *******
** ********* ***** ** *.*.*, **** was ******* ** *******, **** *** camera's *** ********* ******* ***** ***** being ********* *** ****, ****, *** "Server ****" (*******/******* ****).
*******, ***** *** **** ***** ***** only ***** *****, **** ******** ******** UPnP ** * ******, **** ***** were ******** *********: *** ***** ***** as **** ** **** *** ****, described ** "*************" *** "****************."
* ********* ******** [**** ** ****** available] ********* ***** ***** ** **** for ***** (***-*******) ******* *** **** View, *** **** **** ** ***** possible *** ***-*******/***** **** **** ***** ports *** ******.
UPnP ******** ** ******* ** *.*
***, ** ******** ******** *.*.* *** later, **** *** **** ******** ** default:
**** ** ******** ** *******. ***-******* platform ***** ****** **** **** ****** is ***** *** ******* **** **** camera ** ******* **** ***-******* ********. Upgrading ***** *** ****** *** **** configuration.
***** ******* ** *** **** **** manually ****** ** ** *** ******'* web ********* ** **** ******** **** it ** **** ****** ** ***-******* (see *****).
Not ******** ** *******
**** **** ***** **** ** ****** off ** *******, ** ************* **** ********* ********. **** ***** that ** ***** ******** **** * version ***** **** *.*, ****** *** the **** ******** ** ********* ******* older **** * *** ******, **** will ***** ** ******* ****** ***** manually ******** **.
Enabled ** ***-*******
*** ****** *** ** ***** **** is ******* ** **** ***-*******, ***** directs ***** ** ****** '**** *******' which **** **** (** ***** ** the *** *** *****):
******* ***-******* ***** ***** ***** *******, Hikvision ******** **** ***** *** ****** configuration.
UPnP = ******** ****
******* **** ********* *** **** ********** process *** ** ****** ** ** default ** **** ******* ******** ** ISPs, ***** *** ****** *** ** aware ***** ******* *** **** ********* to *** ******** *** *********** ********** to ****** (************ ******** *******). *******, **** ***** *** *** aware **** *** ******* **** ********** on *** *** ** ***** ** what ******** *** *******, ** *** all ***** *** ********** ** *** camera's *** *********.
Future ***************
********** ******* ********* ** *** ******** eventually *** ******, **** *** **** true ***** *** ******** ****** ***** popularity **+ ***** ***. ********* ***** hacks *** ******, *** ******* ** create *******, ** ** *** **** of ******** ****** ***** ** ***** *******, ***** ***** *** ***** *** less ******, *** ***** ***** **** or *********** ** *****. ** ********** seeing ******* ******* ********** ********* ******* escalate, ** **** **** *** * very ***** *** **** ********* ****** when ******* **** **** *** ********* enabled, *** ****** ********* ********* **** require ****** ****** **** *******.
Are the default external/internal port numbers always the same?
What happens to the assignments if there is more than one camera online?
Defaults are always the same (80/554/8000). If there's more than one camera online, the port numbers are incremented, so camera 2 would use port 81, camera 3 uses port 82, etc., etc.
Despite Hik-Connect being their cloud service, Hikvision requires open ports for remote configuration.
This is not true for Hik-Connect. They just suggest using UPNP to automatically port forward to make a quicker connection than relying solely on the P2P cloud service. You can click the Skip Icon and the cloud service still works fine. Matter of fact, I wish they would just simply remove the UPNP step, it's confusing and UPNP works less than half the time on routers.
An even more annoying feature with the new updated Hik Connect is when the app "senses" there is a poor network connection. It suggests that you "map the ports" to make a quicker connection. This is basically turning on UPNP. I hope they remove that feature because I can just hear my customers calling right now: "My app says I have a poor connection, how do I map my ports?"
This is not true for Hik-Connect. They just suggest using UPNP to automatically port forward to make a quicker connection than relying solely on the P2P cloud service. You can click the Skip Icon and the cloud service still works fine.
So if you skip it, you can configure camera or recorder settings how? Via the app? iVMS? Other? How do I remotely connect to configure a VMD zone without port forwarding, for example?
If this is true I'd like to test it and correct.
Sean is right!
You configure settings locally
and use Hik-Connect to "connect" :)
U can do it thru ivms for sure, all settings are available thru ivms via p2p. Also, there are more and more settings u can set thru the phone app as well with each update. For example, you can block out motion areas in the image when I was using their new doorbell the other day. I assume these features will get pushed to all devices soon. Btw, are u guys going to test the doorbell soon?
Camera settings changes fail via cloud in iVMS. I've tried this on multiple cameras at multiple locations, and the Hik-Connect app itself only includes turning notifications on or off.
You can configure recorders through iVMS, but it's ridiculously slow. Over a minute to load settings initially in all our testing, and 10-15 seconds to switch between settings pages.
Confirmed, My Bad. I never tried to get to settings with a cam, only a DVR and assumed it would work on cams.
Btw, are u guys going to test the doorbell soon?
Excuse me, but it’s a door station;)
Not seeing any doorbells, just door stations on the U.S. site. Is it available here yet?
It's in the product quick guide, but not on the website. The Hikvision branded version is not yet available at ADI, Anixter, Tri-Ed, etc. We plan to test it when it's available from these sources, branded Hikvision.
There are OEM doorbells available for a while now, though. LTS is selling it, and you can find it online elsewhere, but my concern is that the overseas doorbell part number is different from what is in the quick guide, so I'd rather wait and test the model with local support.
@Ethan,
Can you please do Hik-Connect DVR test for open ports
scan DVR from outside for open ports
before and after connection
Thanks
I wish they would just simply remove the UPNP step, it's confusing and UPNP works less than half the time on routers.
I guess we're lucky that it doesn’t work so well. Every Cloud has a silver lining.
I remember hearing about the security issues with UPnP 10 years ago, it surprises me that it's still included on new devices...
UPnP is just a way how residential customers do their DIY projects. If you have a qualified installer and a commercial project, all those potential holes will be disabled, including UPnP on your router
UPnP is just a way how residential customers do their DIY projects. If you have a qualified installer and a commercial project
Dennis, and how many installers are qualified in IP networks? We've already discussed this at length here (for others to review) but I'll simply reiterate 2 points:
And, as I stated before, don't go to a not qualified installer. When you go to a car shop, would you expect techs to be qualified so you'll stay alive driving your car after tire change?
don't go to a not qualified installer.
1. Hikvision does not restrict sales to 'qualified' installers.
2. How is an end user supposed to figure out if an installer is qualified in networking? Keeping in mind that the end user is not an expert in this field.
To be clear, I agree aspirationally that installers should be qualified, manufacturers should strive to limit their partners to qualified installers and end users should be able to choose qualified installers, but in reality, that's hard to achieve.
Good example of people still being impacted by the Hikvision UPnP problem: IPCamTalk Hikvision vulnerability detected by Rogers, user realizes UPnP is enabled and his old vulnerable Hikvision cameras are exposed to the public Internet.
You can't simply rely that UPnP has been disabled in the IPC/router/(or whatever) and no ports have been forwarded, you will need to check actively by yourself.
You can do that in different ways, one is to have your own box outside and do a port scan of all 65535 ports towards your external IP, or secondly check with
https://www.zoomeye.org/searchResult?q=<IP address>
https://www.shodan.io/host/<IP address>
Too many times I've seen UPnP active in one way or another, even if it's disabled in the Web GUI.
Note: zoomeye.org seems to be most accurate in my tests.
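The outside check suggested in the comment above, narrowed to the default ports named earlier in the thread (80/554/8000, incremented per camera), as an added example that is not part of the original comments. It assumes 554 and 8000 increment the same way the thread describes for 80, and all function names are hypothetical; run it from a host outside the network against your own external IP.

```python
import socket

# Default external ports named in the thread: HTTP, RTSP, "Server Port".
DEFAULT_PORTS = {"http": 80, "rtsp": 554, "server": 8000}


def expected_ports(cameras):
    """Ports UPnP would map for `cameras` devices: camera k gets default+(k-1).

    The thread gives 80 -> 81 -> 82; applying the same increment to 554 and
    8000 is an assumption of this example.
    """
    if cameras < 1:
        raise ValueError("cameras must be >= 1")
    return {
        (name, k + 1): base + k
        for name, base in DEFAULT_PORTS.items()
        for k in range(cameras)
    }


def is_open(host, port, timeout=2.0):
    """True if a TCP connect to host:port completes (port is reachable)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(host, ports, timeout=2.0):
    """Return {label: port} for every expected port that answers."""
    return {label: p for label, p in ports.items() if is_open(host, p, timeout)}


if __name__ == "__main__":
    import sys
    # Usage: script.py <your external IP> [number of cameras]
    host, cams = sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 1
    exposed = audit(host, expected_ports(cams))
    for (name, cam), port in sorted(exposed.items(), key=lambda kv: kv[1]):
        print(f"EXPOSED camera {cam} {name} port {port}")
    sys.exit(1 if exposed else 0)
```

A non-zero exit status means at least one expected port answered from outside, which is the condition to investigate on the router even when UPnP appears disabled in the camera's web GUI.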