New cameras from Netgear-Arlo
-
@Dashrender said in New cameras from Netgear-Arlo:
@Jason said in New cameras from Netgear-Arlo:
@JaredBusch said in New cameras from Netgear-Arlo:
The next IoT device to add to the botnet
Yup. Get a DVR and use a VPN or SSL not something that uses their online service...
I don't have a problem with using someone's online service as long as my device doesn't need to be published through my own router. Sure if the vendor gets hacked, the hackers could use that connection to try to get back into my network, but I'm a soft target compared to the vendor's network.
Not really.. Not when there's millions of those devices to use in a DDoS. You all become part of the plan.
-
@Jason said in New cameras from Netgear-Arlo:
@Dashrender said in New cameras from Netgear-Arlo:
@Jason said in New cameras from Netgear-Arlo:
@JaredBusch said in New cameras from Netgear-Arlo:
The next IoT device to add to the botnet
Yup. Get a DVR and use a VPN or SSL not something that uses their online service...
I don't have a problem with using someone's online service as long as my device doesn't need to be published through my own router. Sure if the vendor gets hacked, the hackers could use that connection to try to get back into my network, but I'm a soft target compared to the vendor's network.
Not really.. Not when there's millions of those devices to use in a DDoS. You all become part of the plan.
I get what you're saying, but normals want remote access to their DVRs and setting up access through a cloud provider that then has a secure connection to the DVR is way better than normals trying to set up and maintain VPNs, etc.
-
@Dashrender said in New cameras from Netgear-Arlo:
@Jason said in New cameras from Netgear-Arlo:
@JaredBusch said in New cameras from Netgear-Arlo:
The next IoT device to add to the botnet
Yup. Get a DVR and use a VPN or SSL not something that uses their online service...
I don't have a problem with using someone's online service as long as my device doesn't need to be published through my own router. Sure if the vendor gets hacked, the hackers could use that connection to try to get back into my network, but I'm a soft target compared to the vendor's network.
I told you yesterday that this is not possible. You have zero ways to access a device from outside your network without it opening a port via UPnP or you manually doing it.
Anything else is too expensive.
Why do you keep insisting that you can access via a third party service?
-
@JaredBusch do you mean because the alternative is the camera pushing all of the data to the cloud provider and then the cloud provider pushing it down to you causing huge bandwidth and latency problems?
-
@scottalanmiller said in New cameras from Netgear-Arlo:
@JaredBusch do you mean because the alternative is the camera pushing all of the data to the cloud provider and then the cloud provider pushing it down to you causing huge bandwidth and latency problems?
Correct.
Of course it can be done technically. But it is not economically feasible. You would have to pay subscription fees to the providers to offset bandwidth costs. Because there is no manufacturer out there that will let you do it for free (aka on their dime).
-
@JaredBusch especially for something like video. Imagine the bandwidth and storage that would be needed by the provider. You could, in theory, have some system where it only pushes video when you want to watch it, but that would be problematic and limited. You'd, in reality, end up with every camera, everywhere constantly pushing to a single host. That would be intense. Not Netflix intense, but a staggering scale.
-
@JaredBusch said in New cameras from Netgear-Arlo:
@Dashrender said in New cameras from Netgear-Arlo:
@Jason said in New cameras from Netgear-Arlo:
@JaredBusch said in New cameras from Netgear-Arlo:
The next IoT device to add to the botnet
Yup. Get a DVR and use a VPN or SSL not something that uses their online service...
I don't have a problem with using someone's online service as long as my device doesn't need to be published through my own router. Sure if the vendor gets hacked, the hackers could use that connection to try to get back into my network, but I'm a soft target compared to the vendor's network.
I told you yesterday that this is not possible. You have zero ways to access a device from outside your network without it opening a port via UPnP or you manually doing it.
Anything else is too expensive.
Why do you keep insisting that you can access via a third party service?
It's not too expensive! Ring Video Doorbell is a perfect example of what I want. For no fee, I can log into Ring's servers and it will show me the video feed. For a fee, they will store the video feed for some period of time.
I'll be confirming that I don't need any ports on my router open when I get mine installed.
-
@scottalanmiller said in New cameras from Netgear-Arlo:
@JaredBusch especially for something like video. Imagine the bandwidth and storage that would be needed by the provider. You could, in theory, have some system where it only pushes video when you want to watch it, but that would be problematic and limited. You'd, in reality, end up with every camera, everywhere constantly pushing to a single host. That would be intense. Not Netflix intense, but a staggering scale.
Actually I disagree on that last point. I say it would be more intense than Netflix.
If every camera out there worked that way, it would blow Netflix traffic out of the water. Especially as more and more of the cameras are HD.
-
@scottalanmiller and @JaredBusch Dropcams, that's why you have to pay a monthly fee to use the things. Point, check, match.
-
@scottalanmiller said in New cameras from Netgear-Arlo:
@JaredBusch especially for something like video. Imagine the bandwidth and storage that would be needed by the provider. You could, in theory, have some system where it only pushes video when you want to watch it, but that would be problematic and limited. You'd, in reality, end up with every camera, everywhere constantly pushing to a single host. That would be intense. Not Netflix intense, but a staggering scale.
But it solves the current HUGE security problem we have at only the cost of the camera owner paying an additional fee.
I'll have to check the Logitech cameras - I don't know if they open ports on the firewall or not. But Logitech does offer a DVR service for the cameras as well; as for watching live, I don't know if that is done through Logitech's servers or direct.
-
@travisdh1 said in New cameras from Netgear-Arlo:
@scottalanmiller and @JaredBusch Dropcams, that's why you have to pay a monthly fee to use the things. Point, check, match.
Thank you!
-
@JaredBusch said in New cameras from Netgear-Arlo:
@scottalanmiller said in New cameras from Netgear-Arlo:
@JaredBusch especially for something like video. Imagine the bandwidth and storage that would be needed by the provider. You could, in theory, have some system where it only pushes video when you want to watch it, but that would be problematic and limited. You'd, in reality, end up with every camera, everywhere constantly pushing to a single host. That would be intense. Not Netflix intense, but a staggering scale.
Actually I disagree on that last point. I say it would be more intense than Netflix.
If every camera out there worked that way, it would blow Netflix traffic out of the water. Especially as more and more of the cameras are HD.
Really? You think these cameras are sending more HD data than Netflix? That would be interesting to know... I really doubt it.
But, unless the vendor is offering a recording/DVR feature, it wouldn't have to stream all the time. The camera could do a check-in say every 5 seconds, just like ScreenConnect does (no clue on the actual check-in time on SC). The cameras wouldn't bother streaming until the service tells it that it's needed. And even then, through the use of other technology, a direct link between the viewer and the camera can be made using the proxy host, so the stream never actually goes to the proxy host, just like how Skype used to work before they converted to centralized nodes.
-
@Dashrender said in New cameras from Netgear-Arlo:
Really? You think these cameras are sending more HD data than Netflix? That would be interesting to know... I really doubt it.
I said less, not more.
-
@Dashrender said in New cameras from Netgear-Arlo:
And even then, through the use of other technology, a direct link between the viewer and the camera can be made using the proxy host, so the stream never actually goes to the proxy host, just like how Skype used to work before they converted to centralized nodes.
How does this work? How does this bypass opening the firewall?
-
@scottalanmiller said in New cameras from Netgear-Arlo:
@Dashrender said in New cameras from Netgear-Arlo:
Really? You think these cameras are sending more HD data than Netflix? That would be interesting to know... I really doubt it.
I said less, not more.
And JB said more, not less.
-
@scottalanmiller said in New cameras from Netgear-Arlo:
@Dashrender said in New cameras from Netgear-Arlo:
And even then, through the use of other technology, a direct link between the viewer and the camera can be made using the proxy host, so the stream never actually goes to the proxy host, just like how Skype used to work before they converted to centralized nodes.
How does this work? How does this bypass opening the firewall?
As I understand it, the proxy sends the IP/port of the camera to the viewer and the IP/port of the viewer to the camera, then those two each send the other a directed packet on the IP/port as indicated. The NATing firewall will create typical NAT temporary rules to allow the responses to what is now considered an internally generated request.
I suppose it's wrong to say no ports are open, but they are open only to the IP of the other guy, just like when you are surfing a website.
-
@Dashrender said in New cameras from Netgear-Arlo:
@scottalanmiller said in New cameras from Netgear-Arlo:
@Dashrender said in New cameras from Netgear-Arlo:
And even then, through the use of other technology, a direct link between the viewer and the camera can be made using the proxy host, so the stream never actually goes to the proxy host, just like how Skype used to work before they converted to centralized nodes.
How does this work? How does this bypass opening the firewall?
As I understand it, the proxy sends the IP/port of the camera to the viewer and the IP/port of the viewer to the camera, then those two each send the other a directed packet on the IP/port as indicated. The NATing firewall will create typical NAT temporary rules to allow the responses to what is now considered an internally generated request.
That's exactly what @JaredBusch had described.
-
@Dashrender said in New cameras from Netgear-Arlo:
I suppose it's wrong to say no ports are open, but they are open only to the IP of the other guy, just like when you are surfing a website.
Not sure how to do that in such a way that it would be the same.
-
@scottalanmiller said in New cameras from Netgear-Arlo:
@Dashrender said in New cameras from Netgear-Arlo:
I suppose it's wrong to say no ports are open, but they are open only to the IP of the other guy, just like when you are surfing a website.
Not sure how to do that in such a way that it would be the same.
Right, see @Dashrender you are clearly not understanding how NAT works.
Your router creates a NAT translation to a website because the website is open and accepts all connections. So the return packet is mapped to come from that system.
All the proxy does in regards to your camera is tell your phone what port to connect to on what IP after your camera opens it with UPnP or UDP punching.
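-
Added example, not part of any post in this thread: a toy Python model of the two cases being argued, a UPnP port forward versus the proxy-brokered handshake, showing which sources each lets reach the camera. The `Nat` class, the ports and the documentation-range addresses are constructed, and the NAT is assumed to reuse one public port per inside socket and to filter inbound packets per remote IP and port.

```python
# Constructed toy model: not a real NAT implementation and not code from the thread.
# Assumption: the NAT reuses one public port per inside socket (endpoint-independent
# mapping) and filters inbound packets per remote IP and port.

class Nat:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.forwards = set()  # ports forwarded for every source (UPnP or manual)
        self.flows = set()     # (public_port, remote_ip, remote_port) temporary rules

    def upnp_forward(self, public_port):
        self.forwards.add(public_port)

    def outbound(self, public_port, remote):
        """An inside host sends to `remote`; the NAT adds a rule for replies only."""
        self.flows.add((public_port, *remote))
        return (self.public_ip, public_port)  # the source address the remote sees

    def inbound_allowed(self, public_port, remote):
        return public_port in self.forwards or (public_port, *remote) in self.flows


PROXY = ("203.0.113.10", 3478)    # vendor rendezvous host (documentation address)
SCANNER = ("192.0.2.66", 44444)   # unrelated internet host probing the camera's IP


def hole_punch(cam_nat, viewer_nat):
    # Both sides check in outbound, so the proxy learns each public IP/port.
    cam_ep = cam_nat.outbound(40001, PROXY)
    viewer_ep = viewer_nat.outbound(50001, PROXY)
    # The proxy swaps the endpoints; each side sends a directed packet to the other.
    cam_nat.outbound(cam_ep[1], viewer_ep)
    viewer_nat.outbound(viewer_ep[1], cam_ep)
    return cam_ep, viewer_ep


def compare():
    upnp_nat = Nat("198.51.100.7")
    upnp_nat.upnp_forward(8080)   # camera publishes itself to every source
    cam_nat, viewer_nat = Nat("198.51.100.7"), Nat("198.51.100.20")
    cam_ep, viewer_ep = hole_punch(cam_nat, viewer_nat)
    return {
        "upnp_scanner": upnp_nat.inbound_allowed(8080, SCANNER),
        "upnp_viewer": upnp_nat.inbound_allowed(8080, viewer_ep),
        "punch_viewer": cam_nat.inbound_allowed(cam_ep[1], viewer_ep),
        "punch_scanner": cam_nat.inbound_allowed(cam_ep[1], SCANNER),
        "punch_other_port": cam_nat.inbound_allowed(cam_ep[1], (viewer_ep[0], 50002)),
    }


if __name__ == "__main__":
    for case, allowed in compare().items():
        print(f"{case:18} {'ALLOWED' if allowed else 'DROPPED'}")
```

Real NATs differ in mapping and filtering behaviour, so the handshake can fail on some of them even though the toy model always succeeds.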
-
@scottalanmiller said in New cameras from Netgear-Arlo:
@Dashrender said in New cameras from Netgear-Arlo:
@scottalanmiller said in New cameras from Netgear-Arlo:
@Dashrender said in New cameras from Netgear-Arlo:
And even then, through the use of other technology, a direct link between the viewer and the camera can be made using the proxy host, so the stream never actually goes to the proxy host, just like how Skype used to work before they converted to centralized nodes.
How does this work? How does this bypass opening the firewall?
As I understand it, the proxy sends the IP/port of the camera to the viewer and the IP/port of the viewer to the camera, then those two each send the other a directed packet on the IP/port as indicated. The NATing firewall will create typical NAT temporary rules to allow the responses to what is now considered an internally generated request.
That's exactly what @JaredBusch had described.
What? No it's not. I'm not sure exactly what he's saying, but he's not saying what I'm saying at all.
In our private conversation, JB was saying that the vendor wouldn't accept the streams running through their servers due to bandwidth costs that consumers wouldn't pay for.
So sure, while it's possible JB could have been implying that vendors could set up a connection via proxy like I described - if that was really happening, we wouldn't have devices getting taken over because those cloud providers would (god I hope) require the user to set up an account that would be used to link their camera to.
Instead, from what I can tell, you install a camera at home, the camera uses UPnP to punch a hole in the firewall that is open to the world. Anyone port scanning that IP would find the open port and be able to attempt to connect to the camera.
Just look at www.insecam.org. These cameras are just streaming to the world, anyone can connect directly to them, if you know the IP address.
My solution completely short circuits this by requiring you to log into the proxy host, then have the handshake solution I mentioned above. The firewall will never have a general, for-anyone port open.
Now maybe what you're telling me is - is that all these cameras really do have proxies, and those proxies don't have username/passwords setup on them at all, or at minimum they are defaults, I suppose that's possible,