• October 31, 2024, 05:19:17 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: DSC-2630L attacked from XXX.XXX.XX.XXX Classification: "WEB Remote Command"  (Read 12259 times)

user100

  • Level 1 Member
  • *
  • Posts: 5
DSC-2630L attacked from XXX.XXX.XX.XXX Classification: "WEB Remote Command"
« on: January 02, 2019, 03:30:32 AM »
DCS-2630L
Firmware Version: 1.05.02

I recent changed my router to TP Deco router. I used their build-in antivirus tool (TrendMicro). As soon as I started the protection, I received notice, from time to time, that my DSC-2630L was being attached from XXX.XXX.XX.XXX Classification: "WEB Remote Command".

Is it some security loophole for this product? What should I do?

Thank you.
Logged

GreenBay42

  • Administrator
  • Level 11 Member
  • *
  • Posts: 2752
Re: DSC-2630L attacked from XXX.XXX.XX.XXX Classification: "WEB Remote Command"
« Reply #1 on: January 02, 2019, 08:28:17 AM »
i will forward this to the security team to see if this is an issue. The camera will send and receive data from the mydlink servers so the router may be detecting that.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DSC-2630L attacked from XXX.XXX.XX.XXX Classification: "WEB Remote Command"
« Reply #2 on: January 02, 2019, 11:11:54 AM »
What is this number? XXX.XXX.XX.XXX


Quote from: user100 on January 02, 2019, 03:30:32 AM
DCS-2630L
Firmware Version: 1.05.02

I recent changed my router to TP Deco router. I used their build-in antivirus tool (TrendMicro). As soon as I started the protection, I received notice, from time to time, that my DSC-2630L was being attached from XXX.XXX.XX.XXX Classification: "WEB Remote Command".

Is it some security loophole for this product? What should I do?

Thank you.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

user100

  • Level 1 Member
  • *
  • Posts: 5
Re: DSC-2630L attacked from XXX.XXX.XX.XXX Classification: "WEB Remote Command"
« Reply #3 on: January 02, 2019, 01:02:37 PM »
The numbers include:
205.185.113.123
119.23.68.83
104.248.161.171
37.53.77.129
183.233.238.67
209.141.57.239
205.185.115.94

These numbers do not appear at the same time (ie Each time the attack is from different addresses)
Logged

GreenBay42

  • Administrator
  • Level 11 Member
  • *
  • Posts: 2752
Re: DSC-2630L attacked from XXX.XXX.XX.XXX Classification: "WEB Remote Command"
« Reply #4 on: January 02, 2019, 01:11:29 PM »
Try resetting the camera and setup again. Reflash the firmware - Make sure you get the firmware from support.dlink.com/dcs-2630L or tsd.dlink.com.tw.

Are any other devices on your network getting similar "attacks"?
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DSC-2630L attacked from XXX.XXX.XX.XXX Classification: "WEB Remote Command"
« Reply #5 on: January 02, 2019, 02:29:07 PM »
You can see who these IPs belong to at https://whois.domaintools.com

Quote from: user100 on January 02, 2019, 01:02:37 PM
The numbers include:
205.185.113.123
119.23.68.83
104.248.161.171
37.53.77.129
183.233.238.67
209.141.57.239
205.185.115.94

These numbers do not appear at the same time (ie Each time the attack is from different addresses)
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

user100

  • Level 1 Member
  • *
  • Posts: 5
Re: DSC-2630L attacked from XXX.XXX.XX.XXX Classification: "WEB Remote Command"
« Reply #6 on: January 03, 2019, 12:05:27 AM »
Quote from: GreenBay42 on January 02, 2019, 01:11:29 PM
Try resetting the camera and setup again. Reflash the firmware - Make sure you get the firmware from support.dlink.com/dcs-2630L or tsd.dlink.com.tw.

Are any other devices on your network getting similar "attacks"?

On my network, I also have a NAS, an Edimax IP cam, Compro IP cam, TP link Smart plug, WIFI printer. However, they did not receive any attacks notification. Yes, the latest firmware is from the official website of Dlink.
Logged

user100

  • Level 1 Member
  • *
  • Posts: 5
Re: DSC-2630L attacked from XXX.XXX.XX.XXX Classification: "WEB Remote Command"
« Reply #7 on: January 03, 2019, 12:29:27 AM »
I just checked. All IP is from a company which I don't know.
Further, I read the Antivirus History again and found several entry on the attack of my DSC-2630L is "Classification: WEB D-Link DSL-2750B". Just want to know whether there are any security issue for DSC-2630L generally?


Quote from: FurryNutz on January 02, 2019, 02:29:07 PM
You can see who these IPs belong to at https://whois.domaintools.com

Quote from: user100 on January 02, 2019, 01:02:37 PM
The numbers include:
205.185.113.123
119.23.68.83
104.248.161.171
37.53.77.129
183.233.238.67
209.141.57.239
205.185.115.94

These numbers do not appear at the same time (ie Each time the attack is from different addresses)
Logged