Strange TCP connections from camera to NAS

Technical forum for the hugely popular Hikvision IP range
mipas1
Posts: 3
Joined: Wed Aug 30, 2017 4:48 pm

Strange TCP connections from camera to NAS

Postby mipas1 » Wed Aug 30, 2017 5:04 pm

Hello,

I set up a firewall on my NAS recently and I noticed that my Hikvision IP camera (DS-2CD2142FWD-IS) is trying to connect to the NAS on multiple TCP ports that I haven't set up for any service. Looks like the camera is doing some TCP scan or trying to hack my NAS? :D
Below is the log. Is my camera hacked or is this intentional? (I removed the MAC address from the logs).
IP address of my camera is 192.168.2.64 and IP of NAS is 192.168.2.56.

List of ports extracted from the log:
5137, 5626, 5911, 6888, 7012, 7244, 7999, 8038, 8539, 9123, 9245, 9500, 10048, 10154, 10615, 10918, 11220, 11234, 11459, 11848, 11962, 12182, 12324, 12390, 12562, 13539, 13874, 14816, 16257, 17184, 17256, 17562, 17876, 18158, 18417, 19072, 19593, 19986, 20216, 20615, 20645, 20951, 20966, 20974, 21172, 21473, 21634, 21731, 22079, 24919, 25670, 25672, 25832, 26050, 26196, 26841, 27005, 27032, 27825, 28606, 28722, 29125, 29376, 29551, 29994, 30018, 30120, 30862, 31418, 31475, 31503, 32485, 32834, 32846, 33348, 33870, 34162, 34186, 34693, 34954, 35020, 35278, 35891, 35937, 35992, 36363, 37067, 37175, 37370, 37703, 38153, 38427, 38667, 39219, 39345, 39726, 40208, 40542, 40692, 40955, 41262, 41412, 41519, 42155, 42871, 43153, 43182, 43209, 43638, 44740, 44924, 44948, 45233, 45302, 45466, 45504, 45785, 45902, 46378, 46600, 46737, 47100, 47512, 47525, 47565, 47814, 47907, 48348, 48500, 48904, 49144, 49213, 49295, 49356, 49364, 49381, 51068, 51076, 51513, 51808, 52295, 52478, 52617, 52834, 53871, 53877, 54375, 54742, 55025, 55204, 55318, 55358, 55498, 55791, 55816, 56203, 56343, 56523, 56735, 57410, 57847, 58043, 58293, 58559, 58667, 58709, 58932, 59216, 59336, 59394, 59665, 59990, 60099, 60512, 60832, 60886, 61168, 61263, 61477, 61799, 61930, 62530, 63076, 63090, 63448, 63792, 64112, 65254, 65326

Log:
[13484.296497] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27731 DF PROTO=TCP SPT=47823 DPT=21473 WINDOW=14600 RES=0x00 SYN URGP=0
[13492.858609] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6740 DF PROTO=TCP SPT=56908 DPT=49144 WINDOW=14600 RES=0x00 SYN URGP=0
[13660.236927] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=14805 DF PROTO=TCP SPT=53579 DPT=53871 WINDOW=14600 RES=0x00 SYN URGP=0
[13661.232026] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=14806 DF PROTO=TCP SPT=53579 DPT=53871 WINDOW=14600 RES=0x00 SYN URGP=0
[13663.232847] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=14807 DF PROTO=TCP SPT=53579 DPT=53871 WINDOW=14600 RES=0x00 SYN URGP=0
[13670.378758] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=24901 DF PROTO=TCP SPT=52384 DPT=59336 WINDOW=14600 RES=0x00 SYN URGP=0
[13671.376338] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=24902 DF PROTO=TCP SPT=52384 DPT=59336 WINDOW=14600 RES=0x00 SYN URGP=0
[13673.377057] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=24903 DF PROTO=TCP SPT=52384 DPT=59336 WINDOW=14600 RES=0x00 SYN URGP=0
[13678.492359] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21115 DF PROTO=TCP SPT=60843 DPT=33348 WINDOW=14600 RES=0x00 SYN URGP=0
[13679.489500] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21116 DF PROTO=TCP SPT=60843 DPT=33348 WINDOW=14600 RES=0x00 SYN URGP=0
[13681.490382] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21117 DF PROTO=TCP SPT=60843 DPT=33348 WINDOW=14600 RES=0x00 SYN URGP=0
[13700.470701] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=56059 DF PROTO=TCP SPT=56167 DPT=9245 WINDOW=14600 RES=0x00 SYN URGP=0
[13713.453551] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=29380 DF PROTO=TCP SPT=39708 DPT=9500 WINDOW=14600 RES=0x00 SYN URGP=0
[13802.656852] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=32078 DF PROTO=TCP SPT=40458 DPT=10048 WINDOW=14600 RES=0x00 SYN URGP=0
[13803.650907] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=32079 DF PROTO=TCP SPT=40458 DPT=10048 WINDOW=14600 RES=0x00 SYN URGP=0
[13805.651729] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=32080 DF PROTO=TCP SPT=40458 DPT=10048 WINDOW=14600 RES=0x00 SYN URGP=0
[13812.655536] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=60987 DF PROTO=TCP SPT=38419 DPT=47907 WINDOW=14600 RES=0x00 SYN URGP=0
[13813.655169] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=60988 DF PROTO=TCP SPT=38419 DPT=47907 WINDOW=14600 RES=0x00 SYN URGP=0
[13832.938167] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4798 DF PROTO=TCP SPT=48075 DPT=63792 WINDOW=14600 RES=0x00 SYN URGP=0
[13855.577759] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31047 DF PROTO=TCP SPT=53255 DPT=59990 WINDOW=14600 RES=0x00 SYN URGP=0
[13874.533043] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23652 DF PROTO=TCP SPT=43306 DPT=19986 WINDOW=14600 RES=0x00 SYN URGP=0
[13896.884490] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=18332 DF PROTO=TCP SPT=54556 DPT=29994 WINDOW=14600 RES=0x00 SYN URGP=0
[13916.042953] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=42098 DF PROTO=TCP SPT=37477 DPT=51076 WINDOW=14600 RES=0x00 SYN URGP=0
[13934.655109] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49024 DF PROTO=TCP SPT=37922 DPT=11459 WINDOW=14600 RES=0x00 SYN URGP=0
[13954.353304] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=40226 DF PROTO=TCP SPT=39749 DPT=55318 WINDOW=14600 RES=0x00 SYN URGP=0
[13979.552956] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2970 DF PROTO=TCP SPT=44223 DPT=51808 WINDOW=14600 RES=0x00 SYN URGP=0
[14076.904220] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=38379 DF PROTO=TCP SPT=50854 DPT=64112 WINDOW=14600 RES=0x00 SYN URGP=0
[14077.904327] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=38380 DF PROTO=TCP SPT=50854 DPT=64112 WINDOW=14600 RES=0x00 SYN URGP=0
[14079.905124] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=38381 DF PROTO=TCP SPT=50854 DPT=64112 WINDOW=14600 RES=0x00 SYN URGP=0
[14086.500495] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=24579 DF PROTO=TCP SPT=48580 DPT=35278 WINDOW=14600 RES=0x00 SYN URGP=0
[14087.498289] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=24580 DF PROTO=TCP SPT=48580 DPT=35278 WINDOW=14600 RES=0x00 SYN URGP=0
[14094.647705] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=7948 DF PROTO=TCP SPT=48374 DPT=45302 WINDOW=14600 RES=0x00 SYN URGP=0
[14119.964760] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=36824 DF PROTO=TCP SPT=49670 DPT=43638 WINDOW=14600 RES=0x00 SYN URGP=0
[14137.474749] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=51956 DF PROTO=TCP SPT=60468 DPT=44740 WINDOW=14600 RES=0x00 SYN URGP=0
[14170.564659] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49104 DF PROTO=TCP SPT=41685 DPT=37175 WINDOW=14600 RES=0x00 SYN URGP=0
[14173.563943] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49106 DF PROTO=TCP SPT=41685 DPT=37175 WINDOW=14600 RES=0x00 SYN URGP=0
[14198.596129] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9445 DF PROTO=TCP SPT=37124 DPT=27032 WINDOW=14600 RES=0x00 SYN URGP=0
[14228.560718] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3358 DF PROTO=TCP SPT=51036 DPT=63076 WINDOW=14600 RES=0x00 SYN URGP=0
[14238.132229] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=34583 DF PROTO=TCP SPT=47291 DPT=54742 WINDOW=14600 RES=0x00 SYN URGP=0
[14256.315914] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58758 DF PROTO=TCP SPT=33362 DPT=51068 WINDOW=14600 RES=0x00 SYN URGP=0
[14327.125534] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27371 DF PROTO=TCP SPT=34339 DPT=34954 WINDOW=14600 RES=0x00 SYN URGP=0
[14328.117964] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27372 DF PROTO=TCP SPT=34339 DPT=34954 WINDOW=14600 RES=0x00 SYN URGP=0
[14330.118797] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27373 DF PROTO=TCP SPT=34339 DPT=34954 WINDOW=14600 RES=0x00 SYN URGP=0
[14337.911391] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54301 DF PROTO=TCP SPT=58308 DPT=21731 WINDOW=14600 RES=0x00 SYN URGP=0
[14355.560672] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=19038 DF PROTO=TCP SPT=59847 DPT=48500 WINDOW=14600 RES=0x00 SYN URGP=0
[14525.577551] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=59540 DF PROTO=TCP SPT=41501 DPT=34693 WINDOW=14600 RES=0x00 SYN URGP=0
[14526.569973] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=59541 DF PROTO=TCP SPT=41501 DPT=34693 WINDOW=14600 RES=0x00 SYN URGP=0
[14528.570770] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=59542 DF PROTO=TCP SPT=41501 DPT=34693 WINDOW=14600 RES=0x00 SYN URGP=0
[14538.400833] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50732 DF PROTO=TCP SPT=34838 DPT=63448 WINDOW=14600 RES=0x00 SYN URGP=0
[14539.395331] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50733 DF PROTO=TCP SPT=34838 DPT=63448 WINDOW=14600 RES=0x00 SYN URGP=0
[14541.396198] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50734 DF PROTO=TCP SPT=34838 DPT=63448 WINDOW=14600 RES=0x00 SYN URGP=0
[14547.973343] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=51896 DF PROTO=TCP SPT=51955 DPT=59216 WINDOW=14600 RES=0x00 SYN URGP=0
[14548.969222] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=51897 DF PROTO=TCP SPT=51955 DPT=59216 WINDOW=14600 RES=0x00 SYN URGP=0
[14550.970041] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=51898 DF PROTO=TCP SPT=51955 DPT=59216 WINDOW=14600 RES=0x00 SYN URGP=0
[14556.687109] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27809 DF PROTO=TCP SPT=56072 DPT=35937 WINDOW=14600 RES=0x00 SYN URGP=0
[14595.808258] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=64041 DF PROTO=TCP SPT=54767 DPT=25832 WINDOW=14600 RES=0x00 SYN URGP=0
[14596.799999] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=64042 DF PROTO=TCP SPT=54767 DPT=25832 WINDOW=14600 RES=0x00 SYN URGP=0
[14613.806791] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=30483 DF PROTO=TCP SPT=45668 DPT=63090 WINDOW=14600 RES=0x00 SYN URGP=0
[14651.405265] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=47266 DF PROTO=TCP SPT=36244 DPT=47100 WINDOW=14600 RES=0x00 SYN URGP=0
[14654.402932] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=47268 DF PROTO=TCP SPT=36244 DPT=47100 WINDOW=14600 RES=0x00 SYN URGP=0
[14673.780874] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=11468 DF PROTO=TCP SPT=44650 DPT=32846 WINDOW=14600 RES=0x00 SYN URGP=0
[14745.567557] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13781 DF PROTO=TCP SPT=41990 DPT=25672 WINDOW=14600 RES=0x00 SYN URGP=0
[14746.561033] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13782 DF PROTO=TCP SPT=41990 DPT=25672 WINDOW=14600 RES=0x00 SYN URGP=0
[14748.561830] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13783 DF PROTO=TCP SPT=41990 DPT=25672 WINDOW=14600 RES=0x00 SYN URGP=0
[14775.382951] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53549 DF PROTO=TCP SPT=51696 DPT=45466 WINDOW=14600 RES=0x00 SYN URGP=0
[14776.383317] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53550 DF PROTO=TCP SPT=51696 DPT=45466 WINDOW=14600 RES=0x00 SYN URGP=0
[14794.747606] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=880 DF PROTO=TCP SPT=58099 DPT=61799 WINDOW=14600 RES=0x00 SYN URGP=0
[14883.577198] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=62895 DF PROTO=TCP SPT=33048 DPT=5626 WINDOW=14600 RES=0x00 SYN URGP=0
[14884.568064] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=62896 DF PROTO=TCP SPT=33048 DPT=5626 WINDOW=14600 RES=0x00 SYN URGP=0
[14886.568874] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=62897 DF PROTO=TCP SPT=33048 DPT=5626 WINDOW=14600 RES=0x00 SYN URGP=0
[14893.828405] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=18893 DF PROTO=TCP SPT=40640 DPT=11962 WINDOW=14600 RES=0x00 SYN URGP=0
[14894.822394] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=18894 DF PROTO=TCP SPT=40640 DPT=11962 WINDOW=14600 RES=0x00 SYN URGP=0

Thanks.
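One way to triage a log like the one in the post above, as an added example that is not part of the original thread: it parses UFW BLOCK lines, folds SYN retransmissions (same source and destination port, a second or two apart) into one connection attempt, and counts distinct destination ports per source/destination pair. The sample lines are constructed in the post's log format; `RETRY_WINDOW` and the function names are assumptions.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(r"^\[\s*(\d+\.\d+)\] \[UFW BLOCK\] (.*)$")
RETRY_WINDOW = 10.0  # assumption: SYN retries of one connect() fall within 10 s

def parse(line):
    """Return (ts, src, dst, spt, dpt) for a blocked TCP SYN, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    tokens = m.group(2).split()
    kv = dict(t.split("=", 1) for t in tokens if "=" in t)
    if kv.get("PROTO") != "TCP" or "SYN" not in tokens or "ACK" in tokens:
        return None
    return float(m.group(1)), kv["SRC"], kv["DST"], int(kv["SPT"]), int(kv["DPT"])

def summarise(lines):
    """Per (src, dst): connection attempts, SYN retransmits, distinct ports."""
    seen = defaultdict(list)  # (src, dst, spt, dpt) -> SYN timestamps
    for rec in filter(None, map(parse, lines)):
        seen[rec[1:]].append(rec[0])
    report = defaultdict(lambda: {"attempts": 0, "retransmits": 0, "ports": set()})
    for (src, dst, _spt, dpt), stamps in seen.items():
        stamps.sort()
        # A gap longer than RETRY_WINDOW means the 4-tuple was reused later.
        new = 1 + sum(b - a > RETRY_WINDOW for a, b in zip(stamps, stamps[1:]))
        entry = report[(src, dst)]
        entry["attempts"] += new
        entry["retransmits"] += len(stamps) - new
        entry["ports"].add(dpt)
    return dict(report)

def _line(ts, ip_id, spt, dpt):  # constructed sample line in the post's format
    return (f"[{ts:.6f}] [UFW BLOCK] IN=enp1s0 OUT= MAC=<removed> SRC=192.168.2.64 "
            f"DST=192.168.2.56 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID={ip_id} DF "
            f"PROTO=TCP SPT={spt} DPT={dpt} WINDOW=14600 RES=0x00 SYN URGP=0")

SAMPLE = [
    _line(13484.296497, 27731, 47823, 21473),
    _line(13660.236927, 14805, 53579, 53871),
    _line(13661.232026, 14806, 53579, 53871),
    _line(13663.232847, 14807, 53579, 53871),
    _line(13700.470701, 56059, 56167, 9245),
    "[13701.000000] some unrelated kernel message",  # constructed noise line
]

if __name__ == "__main__":
    print(summarise(SAMPLE))
```

Passing an open log file to `summarise` works the same way, since it only iterates over lines.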

adam
Site Admin
Posts: 130
Joined: Thu Jul 14, 2016 2:50 pm

Re: Strange TCP connections from camera to NAS

Postby adam » Thu Aug 31, 2017 5:30 pm

Hmmm - this could be UPNP - allocating ports to the device and it not working correctly. Try disabling UPNP.

mipas1
Posts: 3
Joined: Wed Aug 30, 2017 4:48 pm

Re: Strange TCP connections from camera to NAS

Postby mipas1 » Thu Aug 31, 2017 5:42 pm

Upnp is disabled. Anything else that might be causing this?

mipas1
Posts: 3
Joined: Wed Aug 30, 2017 4:48 pm

Re: Strange TCP connections from camera to NAS

Postby mipas1 » Thu Aug 31, 2017 6:46 pm

I've set up a honeypot on one of these ports. I will analyze the data coming from the camera to the honeypot once it connects.

