DCS-900W hacked!

[Guest]

Archived from groups: alt.comp.periphs.webcam (More info?)

I put up a couple of D-Link DCS-900W cams at my place of business recently.
Actually you can forget the W (wireless) aspect as I found it to be weak to
the point of being worthless despite good wireless router reception for
laptops at the same or even farther locations. I had to run Ethernet
lines.

Anyway, I was still fooling around with the setup and had not yet put a
password on one of them when someone apparently hacked into it. Nice to
know that people are out probing random IP addresses. The other cam, which
was answering normal port 80 web requests had a password on it. I had my
router set to map an oddball port number to this cam's local IP/port 80.
So someone musta done a port scan to find it that it existed.

Anyway, no big deal; I reset it and put on passwords yada yada and it's all
good.

What I'm curious about is this. When bringing up the cam's webpage I saw
that the date and time were off. Then when I looked on the cam viewing &
control program "IPViewLite" this is what I saw:

http://i4.photobucket.com/albums/y129/filmteknik/ipview1.jpg

How did my "guest" manage to put text into the cam's date & time field?

 

[Guest]

Archived from groups: alt.comp.periphs.webcam (More info?)

Hello,

> What I'm curious about is this. When bringing up the cam's webpage I saw
> that the date and time were off. Then when I looked on the cam viewing &
> control program "IPViewLite" this is what I saw:

I think you can call and ask him Where / how did the camera get thew
time from ? Via NTP ?

Regards,

Martin

 

[Guest]

Archived from groups: alt.comp.periphs.webcam (More info?)

> I think you can call and ask him Where / how did the camera get
> thew time from ? Via NTP ?

I didnt try. A little research suggests that the number is in Taipei,
Taiwan (Country Code = 886, Area Code = 2, 8 digit subscriber number).

Be sure to dial "011" or "+" first when you try it and report back! LOL

He will probably say he just wanted to warn me about the open
password...but hey, if people weren't out probing we wouldn't need them in
the first place! Maybe he changed my firmware to include a backdoor and
I'm now the hit of Taiwanese internet cafes.

 

[Guest]

Archived from groups: alt.comp.periphs.webcam (More info?)

> Be sure to dial "011" or "+" first when you try it and report back!

Oops; didn't see your location. I should have made that a more general "be
sure to dial your international dialing prefix..."

 

[Guest]

Archived from groups: alt.comp.periphs.webcam (More info?)

hah hah that's funny
Probably a sexual deviate running a standard search string automated to
write or upload a new file into the cam. Pretty easy stuff. Imagine he's
targeted a whole slug of camera models, certainly not just your ip and not
just dcs900's Been a while since fiddling with that cam, have three of
that one here, but the root of those cams usually has several files standard
to several cams, just a bit different for the xml/html to brand it as a
dlink product.

Find an unique word string in your dcs900, search it in google or yahoo.
Maybe - You'll see yourself as the featured star on all the peep sites.


"Steve Kraus" <screen@SPAMBLOCKfilmteknik.com> wrote in message
news:szoxe.12909$hK3.12119@newsread3.news.pas.earthlink.net...
>I put up a couple of D-Link DCS-900W cams at my place of business recently.
> Actually you can forget the W (wireless) aspect as I found it to be weak
> to
> the point of being worthless despite good wireless router reception for
> laptops at the same or even farther locations. I had to run Ethernet
> lines.
>
> Anyway, I was still fooling around with the setup and had not yet put a
> password on one of them when someone apparently hacked into it. Nice to
> know that people are out probing random IP addresses. The other cam,
> which
> was answering normal port 80 web requests had a password on it. I had my
> router set to map an oddball port number to this cam's local IP/port 80.
> So someone musta done a port scan to find it that it existed.
>
> Anyway, no big deal; I reset it and put on passwords yada yada and it's
> all
> good.
>
> What I'm curious about is this. When bringing up the cam's webpage I saw
> that the date and time were off. Then when I looked on the cam viewing &
> control program "IPViewLite" this is what I saw:
>
> http://i4.photobucket.com/albums/y129/filmteknik/ipview1.jpg
>
> How did my "guest" manage to put text into the cam's date & time field?
>
>
>

 

[Guest]

Archived from groups: alt.comp.periphs.webcam (More info?)

Well, hopefully he didn't actually make any permanent change. Cam seems
normal after a reset. Of course a hacked version of the firmware would be
designed to seem the same. Not that anyone is gonna see anything of
interest on this cam but still.