The pitiful state of IP cameras

twitter.com/ErrataRob/status/799556482719162368

How would you go about implementing a home security system yourself?

I'm guessing the shitty market necessitates isolating all Chinese botnet devices on a VLAN, and firewalling it almost completely, especially if devices end up IPv6 addressable.

A good automation flow for cameras seems to be the following:
1) monitor standard definition stream of camera with en.wikipedia.org/wiki/Motion_(surveillance_software)
2) if motion is detected, start capturing high definition stream, and write to disk
3) send email and/or text message when motion is detected
4) for all files written to a directory, upload them to amazon cloud drive

But, aside from that, what cameras are bare bones and don't have dozens of convenience features that open ports via UPnP or contact the vendor?

Or is the only option analog CCTV for the paranoid? That makes it hard to monitor streams for motion, though.

i would use rust and redox

Buying components wholesale, fitting them into a waterproof housing, and writing the entire software stack is a bit out of scope :^)

Having said that, the Chinese shit is marked up quite a bit. The state of the market is really sad, and normalfags buy it up so they can watch their dog move around the house at work.

You could just connect a SBC to a USB webcam. Motion still works on that. I've tried it with an Odroid C1+ and it worked well enough. You'd probably want something more robust for outdoor use, but surely someone's made a USB outdoor camera.

The problem is that I want a non-shit camera.
Think infrared to at least 50m. ~3MP.
The market is absolute dogshit.
The way I want to go about it makes it easy to isolate the botnet (4 cameras->PoE switch->openwrt router) but it's just a sad state all around.

Block all external traffic to the camera in your router, then run a secure server to encrypt and forward the stream.

Webcam>ffmpeg still frames>diff checking script

If diff is greater than set threshold

Pysftp upload script>vps>management scripts

From there, it's an issue of how much you want to keep and whether or not you want to do some more advanced stuff like face/license plate recognition or alerts based off of a certain set of conditions. I'm also working on remote locks and lights.
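
The still-frame diff step from the post above (also steps 1 and 2 of the opening post's flow), as an added example that is not code from anyone in the thread. It assumes the stills are written as 8-bit binary PGM files, which ffmpeg can produce; the function names, thresholds and the 8x8 frames are constructed for illustration.

```python
import re

# Header of an 8-bit binary PGM still; assumes no "#" comment lines in it.
HEADER = re.compile(rb"P5\s+(\d+)\s+(\d+)\s+(\d+)\s")

def parse_pgm(data):
    """Return (width, height, pixel bytes) of one greyscale frame."""
    m = HEADER.match(data)
    if not m or int(m[3]) > 255:
        raise ValueError("expected 8-bit binary PGM without header comments")
    width, height = int(m[1]), int(m[2])
    pixels = data[m.end():m.end() + width * height]
    if len(pixels) != width * height:
        raise ValueError("truncated frame")
    return width, height, pixels

def changed_fraction(prev, cur, pixel_delta=25):
    """Fraction of pixels whose brightness moved by more than pixel_delta."""
    w0, h0, a = parse_pgm(prev)
    w1, h1, b = parse_pgm(cur)
    if (w0, h0) != (w1, h1):
        raise ValueError("frame size changed")
    return sum(abs(x - y) > pixel_delta for x, y in zip(a, b)) / len(a)

def motion_events(frames, threshold=0.02, min_consecutive=2):
    """Indexes at which min_consecutive diffs in a row exceeded threshold."""
    hits, run = [], 0
    for i in range(1, len(frames)):
        over = changed_fraction(frames[i - 1], frames[i]) > threshold
        run = run + 1 if over else 0
        if run == min_consecutive:
            hits.append(i)          # point at which to start capture/upload
    return hits

def make_frame(block_x=None, level=40):
    """Constructed 8x8 frame: flat background, optional bright 2x2 block."""
    rows = [[level] * 8 for _ in range(8)]
    if block_x is not None:
        for y in (3, 4):
            rows[y][block_x] = rows[y][block_x + 1] = 200
    return b"P5\n8 8\n255\n" + bytes(v for row in rows for v in row)

# Constructed sequence: idle, small exposure drift, object enters, moves, stops, leaves.
FRAMES = [make_frame(), make_frame(level=45), make_frame(1),
          make_frame(4), make_frame(4), make_frame()]

if __name__ == "__main__":
    print(motion_events(FRAMES))
```

The per-pixel delta absorbs the global brightness drift between the first two frames, and requiring two consecutive diffs over the threshold means the trigger fires on the frame where the object is seen moving rather than on its first appearance.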

holy shit, that twitter thread is nuts. hilarious how it gets infected the moment you boot it up.

How did the attacker first find the device? Did the camera ping a server which in turn made the attack?

Wait, what the fuck, why is it getting infected that quickly? Do people really scan your ports every minute?

Or is it because the camera came pre-infected?

With a decent uplink Zmap can port scan the entire IPv4 address space in less than an hour from a single machine. Yes it happens all the time, just leave a HTTP server running for a while and check your logs for greetings from china.

More like every 2 - 3 seconds, the log in my Cisco ASA is full of botnets checking to see if telnet is open so it can try default passwords on webcams

nevermind i was retarded, it is every minute or so, i just looked at the entries where some fag tries 3 times in a row
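
The two posts above describe firewall logs full of telnet checks, with some sources trying three times in a row. An added example (not from any poster, and not Cisco's tooling) that counts denied telnet attempts and collapses quick repeats from one source into a single probe before measuring the gap between probes. The log lines are constructed in the style of ASA message 106023; the timestamp layout, the `retry_window` value and all names are assumptions.

```python
import re
from datetime import datetime

# Constructed sample lines; addresses are from the documentation ranges.
SAMPLE_LOG = """\
Nov 18 2016 10:15:01 fw : %ASA-4-106023: Deny tcp src outside:203.0.113.7/40122 dst inside:198.51.100.10/23 by access-group "outside_in" [0x0, 0x0]
Nov 18 2016 10:15:04 fw : %ASA-4-106023: Deny tcp src outside:203.0.113.7/40122 dst inside:198.51.100.10/23 by access-group "outside_in" [0x0, 0x0]
Nov 18 2016 10:15:10 fw : %ASA-4-106023: Deny tcp src outside:203.0.113.7/40122 dst inside:198.51.100.10/23 by access-group "outside_in" [0x0, 0x0]
Nov 18 2016 10:15:40 fw : %ASA-4-106023: Deny tcp src outside:192.0.2.55/51514 dst inside:198.51.100.10/80 by access-group "outside_in" [0x0, 0x0]
Nov 18 2016 10:16:05 fw : %ASA-4-106023: Deny tcp src outside:192.0.2.91/33810 dst inside:198.51.100.10/23 by access-group "outside_in" [0x0, 0x0]
Nov 18 2016 10:17:01 fw : %ASA-4-106023: Deny tcp src outside:203.0.113.44/2201 dst inside:198.51.100.10/23 by access-group "outside_in" [0x0, 0x0]
"""

LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d{4} \d\d:\d\d:\d\d) .*%ASA-\d-106023: Deny tcp "
    r"src \w+:(?P<src>[\d.]+)/\d+ dst \w+:[\d.]+/(?P<dport>\d+) ")

def telnet_probes(log, port=23, retry_window=10):
    """Return (raw_hits, probes, mean_gap_seconds) for denied TCP to `port`.

    An attempt from a source within retry_window seconds of that source's
    previous attempt is counted as a retry of the same probe.
    """
    raw_hits, probes, last_seen = 0, [], {}
    for line in log.splitlines():
        m = LINE.match(line)
        if not m or int(m["dport"]) != port:
            continue
        raw_hits += 1
        ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
        prev = last_seen.get(m["src"])
        last_seen[m["src"]] = ts
        if prev is None or (ts - prev).total_seconds() > retry_window:
            probes.append((ts, m["src"]))
    gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(probes, probes[1:])]
    return raw_hits, probes, (sum(gaps) / len(gaps) if gaps else None)

if __name__ == "__main__":
    raw, probes, gap = telnet_probes(SAMPLE_LOG)
    print(f"{raw} denied attempts, {len(probes)} probes, mean gap {gap:.0f}s")
```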

How does this work? How many people are out there indiscriminately scanning everything? Doesn't it take a long time to scan each IP?

1 person with a decent connection can scan every single ipv4 address in an hour with zmap

from what i read, it is generally just other infected webcams scanning netblocks of major ISPs. I really doubt they have a TCP stack robust enough to handle that many open connections. But when you have shit tons of compromised devices you end up with previous pic related.

krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/

theregister.co.uk/2016/10/17/iot_device_exploitation/

Maybe I'm thinking of this wrong, but 60*60/(256^4*65536) gives 12.7 picoseconds per port per IP. Just the ping alone already takes seconds.


So it's like an exponentially growing botnet? That's kinda neat. Do they all talk to each other and coordinate the scans, or is each bot doing its own scan (and sometimes multiple bots needlessly scan the same IP)?

You wouldn't scan every port, just the one you know your targeted model listens on

5 minutes? Really?

Anyway, I just started an nginx server and forwarded port 80, I looked at access logs after 10 minutes and saw 4 requests.

Okay, so multiply by 65536. Still 800 ns, or 0.8 ms per IP.

I suppose if there are 1000 people out there constantly scanning 22 it's feasible, though.

you don't ping, that takes as long as trying to connect to a port. also tons of stuff on the internet don't respond to icmp.

and fuck if i know how it works. go through Krebs's blog and you can probably find out.

I don't even know what point in my post gave you the idea that I need my hand held to access the camera remotely.
I was just wondering if there's a brand of decent cameras out there that's not pandering to normalfags by telling them to "DOWNLOAD OUR APP WE CONNECT YOUR CAMERA TO A P2P SWARM BY DEFAULT ITS VERY SECURE :^)"

cisco.com/c/en/us/products/physical-security/video-surveillance-ip-cameras/index.html

ohh,, yes, you buy camera . buy more camera for more bitcoins mine. we appreciate you use our camera and thank you for business.

Fucking chinks. Are there even any cameras made in USA?

Christ, those make the marked up prices of the chink cameras look reasonable.
Guess I'll just bite the bullet and make sure that garbage can't cross the WAN.

has anyone seen someone fuck on this?

like most cisco gear just buy used shit off ebay. they have cisco cameras which are $20-$50

$20 for an IP camera which is outdoor rated and has a built in heater
ebay.com/itm/Cisco-Outdoor-Dome-IP-Camera-CIVS-IPC-2530V-/182330156579?hash=item2a73b96623:g:P7gAAOSwYIxYBWeq

You know, that's a really good question. Is there a single camera manufactured entirely in the USA from pcb to final assembly? That doesn't get its firmware encrypted with chink bitcoin miners straight from the factory?

No shit, Cisco is for enterprises. Their temporary networks at the RNC and DNC were estimated to cost eight million apiece. Any home surveillance system is going to cost a lot of money, even with FOSS.


No. The closest is a company in the UK, and their cameras are 1. marketed to national governments, 2. confidential (and not for sale) to the public, and 3. more expensive than a second-hand car.

Not really, you can get the chink cameras for $100 a piece.
PoE switch, $60
Pre-set length or crimping your own cables, a few hundred dollars.

That's a start. Next is sensors, I'm probably going to use zigbee or z-wave, run it all through github.com/home-assistant/home-assistant
That's a few hundred dollars more depending on how many sensors I want to waste money on.

I already have a control panel and wired sensors but it's probably not feasible to include them in the upgraded system, unless I took out the old panel and stuck a raspi or some shit in there. So, $30 for a cheap chink tablet to act as a control panel. But, probably not needed because I think home-assistant has an ability to query for wireless devices to see if you're "home" for disarming.

Otherwise security would just be handled by the gun in my dresser. But I just want the cameras because there have been robberies around here.

Good belt and suspenders approach. I have a couple cameras in conspicuous spots (and a couple more inconspicuous) to discourage thieves. Firepower is backup for those who don't take the hint.