My router keeps blocking IP attempts from other countries on the channels DVR 8089 port. Is there anything I can do to protect myself better?!
Having the router block other countries is a good start. You could also limit access to the port with a whitelist of IPs and deny everything else.
Edit: Your router may or may not support this.
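An added example, not part of any reply in this thread: when the router cannot do the allowlist, the same "allow these sources, deny everything else" rule for port 8089 can be enforced on the DVR host itself. It assumes a Linux host with nftables and the DVR running directly on it; the table name `dvr_guard`, the set name and the addresses are illustrative, constructed values.

```shell
#!/bin/sh
# Build an nftables ruleset that lets only allowlisted sources reach the
# Channels DVR port (8089, from the thread) and drops every other source.
# ALLOWED holds constructed example addresses (LAN + documentation ranges).

DVR_PORT=8089
ALLOWED="192.168.1.0/24 203.0.113.25 198.51.100.0/28"

# Accept only strings shaped like an IPv4 address or CIDR block, so a typo
# or stray text never reaches nft.
valid_entry() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Print the ruleset on stdout; return 1 if the allowlist is empty or malformed.
build_ruleset() {
    port=$1; shift
    elements=""
    for entry in "$@"; do
        valid_entry "$entry" || { echo "bad allowlist entry: $entry" >&2; return 1; }
        elements="${elements:+$elements, }$entry"
    done
    [ -n "$elements" ] || { echo "allowlist is empty" >&2; return 1; }
    cat <<EOF
# Create-then-delete makes reloading idempotent (no duplicated rules).
table inet dvr_guard
delete table inet dvr_guard
table inet dvr_guard {
    set dvr_allowed {
        type ipv4_addr
        flags interval
        elements = { $elements }
    }
    chain input {
        type filter hook input priority 0; policy accept;
        tcp dport $port ip saddr @dvr_allowed accept
        # Everything else aimed at the DVR port (IPv6 included) is dropped;
        # the counter shows how often that happens (nft list table inet dvr_guard).
        tcp dport $port counter drop
    }
}
EOF
}

# Review the output first, then load it with: ... | sudo nft -f -
build_ruleset "$DVR_PORT" $ALLOWED
```

The script only prints the ruleset; nothing changes on the host until the output is piped to `nft -f -` as root.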
The server is protected by an authorization code. If you visit it from an external unauthenticated source, it prompts you to log in. Hopefully there aren't any security holes there.
Bots... always bots that are always scanning the internet for open ports.
Good that your router is blocking...but there is nothing really you can do to stop it.
Such things will happen if you have ANY ports open...period.
It can happen; it did happen to me many years ago. I used my router's built-in USB port and FTP server... noticed high CPU usage and lag, and the logs showed days of attacks trying to brute-force the password, all IPs from China and such.
Bots and attackers can detect your open port on your ISP IP address and send machines to work on cracking it because they know it's hot. Once you go from the typical scan-and-run to being an active target, you will see constant attacks.
The only thing you can do to get away from such attacks is to change your ISP IP address, the public internet IP address. This can be done by disconnecting your router entirely from the ISP input, wall jack, etc., for a minimum of 25 hrs. Then when you connect it back, you will get a new IP from your provider. (Or you can call them and see if they can "roll your IP" to get a new one, but they may charge you for that.)
For me, I do not use any software's built-in remote access ability or needed port forwarding.
I set up a Pi4 and installed PiVPN, and it is set up with WireGuard VPN.
I have just one port forward in my router, to that Pi for the VPN, and since it has PiOS Lite, it is a bare-bones CLI-only OS with only the VPN on it... nothing that can be used for other purposes. Should they somehow get in via that port, they then have to crack the root pass and things for that OS, only to find it's nothing useful: a bare headless OS with no user data of any kind.
Anyway, using the WireGuard app on a client device like my phone, I enable it, and I now have full access to all my software servers and network shares as if I was still at home on my home network. Channels, Emby, Unifi... I have several things, and they work great.
Also, when I am at home, I can just power off the PiVPN entirely, or hook the power cord into a smart outlet, and when it is powered off, even if the open port gets scanned or attacked, it resolves to nothing/no response/timeout... and they move on.
Channels-DVR is listening on 8089. The service that has that port (Channels-DVR) is the only thing that an external user can connect with when using that port. And the software already has a built-in authorization for external users. So it is not something to be concerned about. But if it really bothered you, you can not host any services. Turn off remote access, don't run any web or ftp servers. In fact, you could unplug your internet and stop using computers.
The point I was making, and why I set up my network as I have, is that only ever one port is open, not several. Each service or server software requires its own port open and forwarded. In my case, I would need several port forwards, one set for each service and to its own device. Using WireGuard allows for one direct connection, over one port, with a lot better/stronger encryption options available to the user to make use of. And far stricter options for connectivity, since you have to go into it and create a user with its own hash key for each device and export the config to that remote client device.
It is also just easier in the long run, since you don't have to worry about what port xyz software needs open and having to take the time to set that in the router... just connect the VPN and it works.
Many things can connect to your router and automatically set up a port forward using UPnP, which is very convenient for the typical user but is a big security risk, as it is known to have security issues, and should a device on your network get malware/a virus in any way, it can then easily open ports in your router. Hence why security experts advise to always disable UPnP in your router.
The comment wasn't directed at you. I don't use UPnP either.
TLDR: If running Channels-DVR, having a port open just for that service is not an issue.
Thank you for the comments!
Thank you!
But it can be... in rare cases. An attacker can flood the IP and port and cause severe issues, like a DoS-like thing.
Some consumer NICs and routers do not handle that well.
Even in the best case, excessive traffic will cause slowdowns.
But, yes, in general, it is not an issue for 98% of folks.
You don't really have a choice, if you want the easy way to use Remote Access.
My folks' Swann CCTV DVR is internet connected for remote viewing, and their Asus router reports attempted connections to it via the open port from foreign IPs quite frequently. Had over 500 in one day at some point, but it's only a few per day on average. Normal. At least the Asus Ai Protect feature seems to work well.
Hello, very new here. Just went to my Raspberry Pi setup from my Mac (through Samba) and entered as a guest. Is there a way to password protect it? Thank you.