P2P Secure or Not

Any major updates coming, Upcoming Software, General Security advice for others and topics alike Post them here so other users can chat with you.
Post Reply
User avatar
Site Admin
Posts: 5978
Joined: Sat Jun 15, 2019 3:05 pm

P2P Secure or Not

Post by Revo2Maxx »

While I can't answer this 100% I can say this is a Better Option then using a 3rd Party IP camera Viewer software or anyone that requires you to put in your Password as part of the service....

P2P there is no part of that Service you are required to STORE your camera password. Do you have to enter it Yes.. Only and I repeat Only after your camera and you make a Connection... Just like you are home on your own Network.

Wait then how does P2P work there is a Server Right? Yes and No... The Server is only there to pass off the connect between your device and your camera... IT only knows 1 thing your Camera Serial Number... It listens to Pings for Said SN once the Ping is received by the Server and the server double checks that the Camera is still active it then puts your camera and device in a Tunnel for lack of better way to explain it there is NO One with info you are putting in the connection listening to your info... Nor are they able to get the Data off your Camera without knowing the Password... What that means to you.... DON"T USE DEFAULT PASSWORDS......

So there are Network Sniffers out there? yes there is However this sniffer would have to be ON your NETWORK and there is LOADS OF THINGS that would be required for them to be able to SNIFF out your Camera data... With that Why would someone want to? For the Time that someone would have to spend to Sniff out your Camera Feed they could just go and look at what ever your camera is looking at lol....

I am not A Hacker.. I have SNIFFERS I know how the paid and Non paid ones work. Don't know them all no.. But I have used enough of them in my LIFE to know that the Data I want I am not going to get it that way anytime fast...

You know lets work into the Darkness a little... Want to worry about something Real. LOL... Did you know that your IP camera and EVEN your BNC camera if it has an IR can talk to other IR cameras... Yeah if you are MI5 or MI6 maybe some 007 stuff going on .... But yes if you think about it what is your TV remote.. AN IR REMOTE.. that means in a since your Camera is a IR Data carrier. Did you know that your Camera with the right Hacker could get more info off your Camera faster then they ever would off someone trying to SNIFF YOUR CAMERA DATA Lol....

Someone drives up, Uses there software they built into a system, Rolls down the back window of the car Maybe better yet they just have the camera on the roof, with ability to Pan and Tilt to better get in line of the IR camera... Next thing you know your camera is telling the Said Hacker anything and everything that camera has access to... Did you know it could even get Passwords off your Home computer, SSI numbers, CC Numbers Anything that your camera has access to the Hacker sitting up the street could be getting this info and your Camera don't even have to be an IP camera it could be a BNC camera that they could get into your Home network over your DVR.... Yeah sure if your Bill Gates and or Someone that people would want to get busted for doing such... Just because the Ability is there for someone to SNIFF your Network Data I am sure they won't be... Just because there is the ability for someone to go and Talk to your IP or BNC Camera over IR I am sure they have better things to do then tey and Get your Data.

So please Just because I am saying that no one will.. Sure there is always someone with no life out there trying to make other peoples life H E Double Hockey Sticks... But should you NOT use P2P because someone Might Sniff your Data lol NO P2P is MORE SECURE THEN USING IP Camera View or even someone using amcrestview dot com. And even less likely to get data loss then someone getitng into your Camera Cloud account.... The ability for someone to get data off them sites would be grater then someone gaining access to your network to get your camera view lol

Just because the Ability is there don't mean any one will.. People are going to Hack someones Car Heck even my SUV could be Hacked seeing it has Built in Wifi but I am not going to NOT USE IT BECAUSE someone MIGHT do something...
Be Safe.
User avatar
Site Admin
Posts: 5978
Joined: Sat Jun 15, 2019 3:05 pm

Re: P2P Secure or Not

Post by Revo2Maxx »

So while I have not used any sniffer programs for long time.. Some out of date some don't work lol and well one was able to install get update...

So I wanted to test out some things... I am not sure why or how but there is kind of strange thing that happens only on Chrome over the New FW camera... While it does state on the Page that the Connection isn't secure when I run the program and then went and logged on my camera with the NEW Firmware. WHile I can see that my Snooper shows there is a request for logIn yet all the data is Missing or should I say kind of looks Encrypted... I know I know we are talking about P2P but I wanted to setup a Control... You know a test model of something know that it works so I can see more data...

Anyway here is the Crazy thing... When I run the P2P that I know is running P2P because I am not connected to my Local Network on my Cell Phone... There is Magic that is going on... Why do I say this well Because there is NOT one thing showing that my Camera is even trying to connect to the internet.. I can see my Network, My Switch and 3 routers yelling out who is this and what for all my Ip cameras Almost like in a Keep Alive setup... I didn't look into the data the Routers are talking about... Took one of my IP cameras moved it to another Router I have setup as a AP... It works great and still talking with the network and still looks almost the same besides now that Router is asking for updates on what the IP is lol....

However in all that.. Only thing that shows up for DVR and or IP camera that I used while in P2P was normal Whois it is crazy because I can see other outside IP address that the Network is talking with. Like Chromecast and what not.. But there is no IP from my Phone on the Sniffer from the IP it was on from my Cell Provider...

SO I would love to see someone that has a Sniffer that is Tracking Their P2P I setup and did Tracking of Computers making connection to camera over Ip aka WebUI... I can only find area where it knows the user name... Where it should show password it don't. So then because of Traffic and all the issue when Sniffer is running... I turned off FTP.. So I turned back on and well because FTP is just that it shows user and pass in the Sniff so I know that it works.. I also did a computer test in other Non secure connections in my Box and that again turned out just fine. Shows that User and Pass can show when not secure... Then did a test on a SSH box and this shows encryption..

So I tested and tested. Even doing local to my Phone records and snap shots and moved the PTZ and made changes in the settings and all things that should have left some type of trail in the Snoop over P2P yet nothing shows up...
Be Safe.
User avatar
Site Admin
Posts: 5978
Joined: Sat Jun 15, 2019 3:05 pm

Re: P2P Secure or Not

Post by Revo2Maxx »

So I have done some Detailed tests I can tell you that I have no clue where or how P2P is making a Connection to the camera...

So i turned on Testing Snooper and I turned off my wifi so I am going over my Cell IP. I check my IP on my Cell phone so I have something to look up in my test software... I make connection and first Connection is to my CVI unit because it was last viewed... I scroll through the 4 Cameras testing connection Things good no delays and even play a Set in Playback... I Click on the icon at top right of the app and uncheck the CVI dvr and click on the NEW FW 841... Don't know thought there was something about non secure log in or something like that in the FW however I guess not and i will get back to that in a min....
So i then log out of the App... I wait 60seconds for my Snoop software to finish incase... I then click the Stop Snooping...

Go to the Search and I search for Pass, Password, password, pass, pwd, PWD, and the crazy thing is there isn't anything that comes up for the Camera that it has even been logged in... Nothing in the listing for my OLD out dated DVR either again both went over a P2P connection and i was able to get live feed. Watch, Play with PTZ and see it real time on my monitor... Again NOTHING....

So I log out.. and Start a new Snoop this time on my Local Network IP but guess what it don't matter because it was still OVER p2p and again NOTHING shows up...

Now for crazy part... All HTTP traffic is coughs coughs is OPEN and can be Snooped lol Hummm No... So i go to my Main computer that I use most days... Start up Chrome because I am going to NEW FIRMWARE camera... Java.. Anyway I swear I read somewhere that HTTPS was not working in this Release of FW... I didn't put in HTTPS only Ip address... Ya My Snoop found some Data for Camera lol... Again doing search for all words related to Passwords and crazy thing is the data is Encrypted... The TCP data, The HTTP data the RTSP data all the passwords are a bunch of letter and numbers that isn't my password lol...

So then I thought hummm wonder what my 2015 841 camera will do on the FW release before the new one.... 2.250.xxxxxxx... Well Crazy thing is... It is same all kinds of crazy for the password... I can tell you it is in no shape or form Clear text...
Be Safe.
User avatar
Site Admin
Posts: 5978
Joined: Sat Jun 15, 2019 3:05 pm

Re: P2P Secure or Not

Post by Revo2Maxx »

Yeah I am done doing these test lol.... I have connected to my camera many times... Also Crazy thing is FTP is known as a NON Secure form of access and when snooping over a Network I can find user and pass without issue... Geez yeah not going to happen between the Camera and the FTP server... So I thought you know lets test this in this whole testing thing.. While connected to my Camera over my Computer. I can find my Connection and it does show Admin as user Password don't show up it is Encrypted... So under same connection seeing I can't find anything but Magic when Using P2P lol... Anyway over my Computer connection and Clicking on the Test FTP where it would have to send a package to the Server and Get a Return for yes or no... Yeah that is even Encrypted...

OK so while I was typing this I thought you know I did all this in the admin account lets go make a user account and do some more testing lol.... So I setup a Revo2Maxx account on my cameras and tested them all I did a couple with Revo2Maxx and Revo2Maxx2 with 2 being Admin and without the 2 as a User just so I could make sure it didn't matter... Logging into everyone of the Cameras Again this info is based off local connection from my Computer to cameras... All showed the username=Revo2Maxx and password as Encrypted just as before...

So to be a good Tester lol.... I even made a Connection on my phone to test there same... However

I did loads more testing since I started writing this lol... .WOW...

Anyway I found it. I was not looking under the right area and I did find it and it to is just like all the Local Log in Encrypted and isn't something that someone will be able to translate...

Because of the Security of this and how one would have to find it without using simple words lol I am not going to say how I found it and or what the Simple words are to find it... However there is no plain text of the password to any of the cameras...

I will just say this I did have to put a camera on another router and setup my Switch to mirror all traffic off the router to my main computer to get all traffic no matter how it was coming or going....

In the End I will have to say in my Testing P2P is Secure. This Topic is done and I will not revisit this testing any more...
Be Safe.
Post Reply