Foscam Forum • View topic - Security Concern with MyFoscam.org

Important Message from Foscam Digital Technologies Regarding US Sales & Service

Foscam.US (aka Foscam Digital Technologies and now Amcrest Technologies) is an independent United States based distributor of "Foscam" branded products. We have been offering telephone support, US local warranty and building the Foscam brand in the US for the past 7 years. Based on our experiences with Foscam and feedback from end users we have launched our own new and improved line of wireless IP cameras and security systems under the Amcrest brand. Working in partnership with the second largest security camera manufacturer in the world, Amcrest was founded with a deep commitment to end-user privacy and security, highly reliable software and hardware as well a seamless and intuitive user experience. For more information, please visit www.Amcrest.com

If you are having trouble with your Foscam cameras, we sincerely apologize for this inconvenience and would love to help. For technical support, response to inquiries and for obtaining replacements for any Foscam IP Cameras or NVR products, please reach out to tech@foscam.com or call 1-844-344-1113.

If you are interested in exchanging your Foscam camera for an Amcrest camera, we can offer you a massive loyalty discount, even if you are out of warranty. Please send an email to support@amcrest.com, sales@amcrest.com or call 1-888-212-7538

If you are subscribed to Foscam Cloud (www.foscamcloud.com), please contact cloud@foscam.us for support.

If you currently use the manufacturer's cloud service (www.myfoscam.com or linked in any way to www.foscam.com), you will need to contact them directly for support, at www.myfoscam.com.


Security Concern with MyFoscam.org

Users can ask and answer questions regarding Foscam IP Cameras

Moderators: mycam, FOSCAM

Re: Security Concern with MyFoscam.org

Postby Series 1 » Tue Jan 29, 2013 12:40 pm

Re: 9821 NTP access every 60 seconds (11500 hits a day)

What you say may be true for Foscam. It is not true for any brand IP camera I have, and I have quite a few. Once an hour is fine with me but once a day, which is the norm if any, is also fine. Once a minute is nothing less than absurd, but hey, this is Foscam, right. What isn't.

If you take a look at your desktop, it hits NTP about once every seven days or so.
Series 1
 
Posts: 14
Joined: Sat Jan 05, 2013 10:33 pm

Re: Security Concern with MyFoscam.org

Postby TheUberOverLord » Tue Jan 29, 2013 1:11 pm

Series 1 wrote:Re: 9821 NTP access every 60 seconds (11500 hits a day)

What you say may be true for Foscam. It is not true for any brand IP camera I have, and I have quite a few. Once an hour is fine with me but once a day, which is the norm if any, is also fine. Once a minute is nothing less than absurd, but hey, this is Foscam, right. What isn't.

If you take a look at your desktop, it hits NTP about once every seven days or so.


Many, if not most, security camera brands and models that allow in their camera configurations time sync checks, to take place, use 60-64 second time intervals, with their NTP interfaces.

This is rather standard, so that any images and videos file timestamps maintain a close as possible true time when NTP is active. Of course as stated in my prior post, like most other brands and models, this feature can be disabled, if desired.

Generally, there are not options to change this NTP interval. The feature is usually an on/off feature, as it is with Foscam camera models.

As one of many examples I could use. From Cisco:

"If you check this check box, the camera contacts the designated NTP server every 64 seconds and synchronizes its internal clock with the time of that server."

From ("See Page 32"):

http://www.cisco.com/en/US/docs/securit ... 253xug.pdf

What brands and camera models are you saying do otherwise?

Don
TheUberOverLord
 
Posts: 13110
Joined: Fri Jun 22, 2012 11:52 pm

Re: Security Concern with MyFoscam.org

Postby tadc » Tue Jan 29, 2013 2:44 pm

Thanks all for the informative discussion. You bring up valid points about the risks related to having a whole domain full of poorly secured IP cameras.

One question though: for those of us who have allowed the default settings to register with Foscam DNS... how do we "unregister"?

From looking at the Foscam DNS status page (clicking "Validity Queries" on the DDNS page) it seems to imply that if I do nothing, the myfoscam.org DNS will remain "valid" until 2016. Doesn't that mean that it will continue to point to my IP address (presuming it remains the same) until then?

Thanks for any input.
tadc
 
Posts: 2
Joined: Tue Jan 29, 2013 2:37 pm

Re: Security Concern with MyFoscam.org

Postby TheUberOverLord » Tue Jan 29, 2013 4:08 pm

tadc wrote:Thanks all for the informative discussion. You bring up valid points about the risks related to having a whole domain full of poorly secured IP cameras.

One question though: for those of us who have allowed the default settings to register with Foscam DNS... how do we "unregister"?

From looking at the Foscam DNS status page (clicking "Validity Queries" on the DDNS page) it seems to imply that if I do nothing, the myfoscam.org DNS will remain "valid" until 2016. Doesn't that mean that it will continue to point to my IP address (presuming it remains the same) until then?

Thanks for any input.


You are very welcome.

If needed please also see this about how a DNS and DDNS operate generally:

http://en.wikipedia.org/wiki/Dynamic_DNS

IMHO. With or without a DDNS you will be scanned by others, by others using your ISP IP Address. Generally, more than once a day. If you activate Router/AP logging you will see this is fact not fiction.

This is because it's publicly known and easy to find out what ISPs have what IP Addresses and then someone simply needs to walk down/up that IP Address range and do whatever they feel they wish to try.

So, not having a DDNS will not stop the daily traffic you are getting doing that already.

You have two choices really when it comes to removing any DDNS reference to a specific ISP IP Address in this case:

1. Prior to making your camera open to remote access. Disable DDNS.

2. If you already have a DDNS to ISP IP cross-reference created. There are a few different things you can do, if you decide you don't want this cross-reference in place anymore.

a. This might be enough for some and not others. Disable the DDNS. Change all the ports to your IP Cameras. While the DDNS will still point to your last known ISP IP Address, any ports for IP Cameras will no longer be correct.

b. Many, if not most ISPs actually assign your ISP IP Address ("For Broadband ISPs as one example") based on the MAC Address of the network equipment you plug directly into the ISP Equipment.

This is why Many Router/APs allow you to "Fake" the MAC address it will use vs. using the real MAC address it has been assigned at the factory.

This allows you to actually be re-assigned a new IP Address by your broadband ISP provider ("Instantly") by simply changing the MAC address of what you connect to it.

It also allows you to keep the IP Address you currently have by using the MAC address of your old network equipment that you replace. By using the MAC address of the old network equipment that was plugged into the ISP equipment. Your ISP IP Address will not change when using the new network equipment, because it does not sense any change in network equipment.

So, if you disable your DDNS and even include method #1 show here. Then use this method. Whatever information your DDNS had, will now be invalid.

There is no magic going on here, in the sense that Foscam is doing this or that any different than many if not most DDNS interfaces do.

I want to make that clear here, because I am starting to sense that some think otherwise.

Additionally. I hope everyone is aware that when this is said:

"You bring up valid points about the risks related to having a whole domain full of poorly secured IP cameras."

That there is ("NO") need to have a DDNS to gain access to poorly secured IP Cameras. Once you enable remote access for this or that. Anything can be exploited, without the need or requirement to have an active DDNS interface in place, by simply using your ISP IP Address.

Point being, even if you clear any cross-reference from a no longer being used DDNS. If the ISP IP Address and port for the camera is still the same, then you can ("Still") directly access that camera by simply using the ISP IP Address and the port for that camera, if both are still the same.

Don
TheUberOverLord
 
Posts: 13110
Joined: Fri Jun 22, 2012 11:52 pm

Re: Security Concern with MyFoscam.org

Postby Series 1 » Tue Jan 29, 2013 4:10 pm

Axis. Dahua. Panasonic. Vivotek. That's four (Vivotek would include those like Level One, 4xem, and a few others). These brands are known for doing IP cameras. There's nothing special about syncing with NTP, but every minute is ...already said it too many times.

Look at your desktop. Once a week. Do you believe your Foscam camera, which has enough problems as it is, needs to do NTP 10,000x more often (that's more than one million percent more often: 1440 syncs per day (1440 minutes in a day), for seven days). Just to be sure you are trying to say that:

You claim your Foscam needs to sync with NTP 10,000 times more often that your PC needs to sync with NTP. That 1 million percent more often makes perfect sense, since Cisco says so in some camera's PDF.

I can't even type that without laughing.
Series 1
 
Posts: 14
Joined: Sat Jan 05, 2013 10:33 pm

Re: Security Concern with MyFoscam.org

Postby TheUberOverLord » Tue Jan 29, 2013 4:27 pm

Series 1 wrote:Axis. Dahua. Panasonic. Vivotek. That's four (Vivotek would include those like Level One, 4xem, and a few others). These brands are known for doing IP cameras. There's nothing special about syncing with NTP, but every minute is ...already said it too many times.

Look at your desktop. Once a week. Do you believe your Foscam camera, which has enough problems as it is, needs to do NTP 10,000x more often (that's more than one million percent more often: 1440 syncs per day (1440 minutes in a day), for seven days). Just to be sure you are trying to say that:

You claim your Foscam needs to sync with NTP 10,000 times more often that your PC needs to sync with NTP. That 1 million percent more often makes perfect sense, since Cisco says so in some camera's PDF.

I can't even type that without laughing.


"You claim your Foscam needs to sync with NTP 10,000 times more often that your PC needs to sync with NTP. That 1 million percent more often makes perfect sense, since Cisco says so in some camera's PDF."

Please click the "About Me" link in my signature. While I am NOT all and knowing. I have 43 years experience, as a systems programmer.

I also have not been known nor am I currently known, to make statements without doing extensive research. Which includes this case. As I stated in my prior post, my reference, which I used in that post, was one of many.

I understand PC syncing and how it works and has worked, for many decades now. The issue is, what is the standard currently being used for time syncing security cameras. Which has never been the same standard as time syncing with PCs.

Would you mind providing specific models for brands?

It makes it complicated to verify my NTP interval points here with more specifics, without that level of detail.

Since you say you have some of these brands and models.

Thanks

Don
TheUberOverLord
 
Posts: 13110
Joined: Fri Jun 22, 2012 11:52 pm

Re: Security Concern with MyFoscam.org

Postby Series 1 » Tue Jan 29, 2013 4:35 pm

Look guy, weren't you the same one who complained about the added overhead of the guy who used the "fake" as his dyndns name? This Foscam is running out every 60 seconds sending 1) DNS (send, wait for reply; if router doesn't cache then this is going to the network - and all these were going to the DNS server way out on the net), 2) send three datagrams (!) and get three responses (!). This isn't a broadcast so there is no need to send three, one after the other; send again ONLY if you get no response, and 3) it doesn't pass the smell test.

Anyway, since this is simple enough, this is from an Axis cam. If you need more, just look at any camera other than Foscam (and whatever camera that PDF is for).

Time Mode - Select the method to use for setting the time: •Synchronize with computer time - Sets the time according to the clock on your computer.


•Synchronize with NTP Server - This option will obtain the correct time from an NTP server every 60 minutes. The NTP server's IP address or host name is specified in the Advanced TCP/IP Settings.


•Set manually - Using this option allows you to manually enter the time and date.
Series 1
 
Posts: 14
Joined: Sat Jan 05, 2013 10:33 pm

Re: Security Concern with MyFoscam.org

Postby TheUberOverLord » Tue Jan 29, 2013 4:54 pm

Series 1 wrote:Look guy, weren't you the same one who complained about the added overhead of the guy who used the "fake" as his dyndns name? This Foscam is running out every 60 seconds sending 1) DNS (send, wait for reply; if router doesn't cache then this is going to the network - and all these were going to the DNS server way out on the net), 2) send three datagrams (!) and get three responses (!). This isn't a broadcast so there is no need to send three, one after the other; send again ONLY if you get no response, and 3) it doesn't pass the smell test.

Anyway, since this is simple enough, this is from an Axis cam. If you need more, just look at any camera other than Foscam (and whatever camera that PDF is for).

Time Mode - Select the method to use for setting the time: •Synchronize with computer time - Sets the time according to the clock on your computer.


•Synchronize with NTP Server - This option will obtain the correct time from an NTP server every 60 minutes. The NTP server's IP address or host name is specified in the Advanced TCP/IP Settings.


•Set manually - Using this option allows you to manually enter the time and date.


"Series 1 wrote:
Look guy, weren't you the same one who complained about the added overhead of the guy who used the "fake" as his dyndns name?"

The name is "Don" by the way.

Yes. That was in fact me. The difference between this NTP issue and using a bogus DDNS is that the "Device Status" constantly will show a "DDNS Failed" which IMHO is not something most people wish to see every time they query, the device status of their cameras.

Secondly. A bogus DDNS serves no purpose whatsoever since the destination will never be reached. It truly, has no function or purpose, besides chewing up Camera memory and Camera CPU cycles.

Since it's not complicated to turn off/on NTP time syncing. I think this issue is more clear, in the sense, that there is no complicated procedure required to do so.

Making it easy to turn off NTP if you feel the overhead is not justified. You can then sync time manually, at the intervals of your choice, as needed.

Can I get a brand and camera model?

In this case, I think it's very possible that the information you are referencing has a typo. No joke.

I think, that I can easily verify, that it really does this every 60 seconds vs. every 60 minutes.

I have no way to confirm this, because I have no link to the information being presented and being referenced here by you, nor do I have a camera model.

Please note. I am not saying that a 60 second interval is best or that there should not be selectable NTP interval values that one could choose from besides NTP off/on.

What I am saying, is that Foscam camera models are not the only known IP Camera models, in the known universe, to be using this NTP interval.

This NTP interval, is and has been, a standard interval, for security cameras, for sometime now. Whereas you are making a claim that only Foscam camera models use this NTP interval.

Thanks.

Don
TheUberOverLord
 
Posts: 13110
Joined: Fri Jun 22, 2012 11:52 pm

Re: Security Concern with MyFoscam.org

Postby ukfoss » Thu Feb 07, 2013 4:14 pm

Hello. Google led me here in a search to disable the DDNS, and I just want to say thank you to Don for the clear information. I just bought my Foscam, and was not used to inbuilt DDNS (my last, old webcam didn't have it), so I just followed the installation process without thinking. Now my webcam seems to be busy all the time, and I presume it's because the dynamic server is talking to it all the time. As I have a static IP, and limited broadband, it's a waste. There's no GUI to disable it, so the cgi commands are great to know. Another forum pointed me at camera.htm (view source). Very nice.

Let's hope this works ... the only think I'm not sure about is if I need to change the port back to the default, :80. I'll soon find out ...
ukfoss
 
Posts: 2
Joined: Thu Feb 07, 2013 3:46 pm

Re: Security Concern with MyFoscam.org

Postby TheUberOverLord » Thu Feb 07, 2013 7:01 pm

ukfoss wrote:Hello. Google led me here in a search to disable the DDNS, and I just want to say thank you to Don for the clear information. I just bought my Foscam, and was not used to inbuilt DDNS (my last, old webcam didn't have it), so I just followed the installation process without thinking. Now my webcam seems to be busy all the time, and I presume it's because the dynamic server is talking to it all the time. As I have a static IP, and limited broadband, it's a waste. There's no GUI to disable it, so the cgi commands are great to know. Another forum pointed me at camera.htm (view source). Very nice.

Let's hope this works ... the only think I'm not sure about is if I need to change the port back to the default, :80. I'll soon find out ...


Thanks for the kinds words.

I would use another port for your camera besides 80, 8080 or 8090. One example is port 90. Of course, you can use whatever you have as a port now, if it's working for you pk now.

The issues with using 80, 8080 and 8090 is that it can create port conflicts with your local network equipment, when accessing your camera(s) remotely.

Don
TheUberOverLord
 
Posts: 13110
Joined: Fri Jun 22, 2012 11:52 pm

PreviousNext

Return to Technical Support

Who is online

Users browsing this forum: No registered users and 6 guests