You need to do the packet capture for 24/7 24hrs 7days, sometimes the devices only phone "home" at odd hours of the morning eg 2-3am when most are not probably monitoring

Heya, I found it's not the cameras that connect out it's the nvr that connects back to China. When using the nvr it doesn't redirect the plugin to the nvr it goes External.

Mate - new desk and new camera. Great vid. The camera looks awesome on your screen.

Love that night vision colour... Great video .

Another great video, keep them coming!

Where did you source the camera from? Local distributor or from direct from vendor? I would be concerned about about firmware if coming directly from vendor. I would flash firmware from their website before testing for more real world likeness.

yet another great video, thanks😀 Any plans on enlighten us about Home Assistant and its call home feature at setup and mayby your use of HA?

Years ago, discovered that Hikvision could bypass any admin lost password by simply having your serial number. They’d supply a password for admin that could be used once to get in.😮

I have a similiar color-nightvision camera and concrete and grass looks amazing at night, but try to identify the face of a normal walking person. that is the interesting part and that is at most avarage, at least on my camera compared to an old style camera with infrared light.

Thanks chap.

Sweet score on the camera! Quite happy to send you a few legit dodgy ip cams that have hardcored admin rights built into the firmware! It's mostly HiSilicon devices though aka Huawei.

You're clearly using Hik's export market cameras. Pull in a few of the Chinese Hik's from TaoBao and maybe you'll get different results. I use the Chinese versions because they're a lot cheaper (save the shipping costs!).

I have (kind of) the previous version of that camera, a Hikvision ColorVu with a 2.8mm lens. A Norwegian security company found I think it was 18 vulnerabilities in the firmware which is why starting in 2018 Hikvision cameras, along with Dahua and Huawei were banned from all USA federal agencies, so use Chinese cameras at your own risk.

Didn't anyone noticed that the certs I showed from the openssl command weren't valid anymore?

1:20 What episode of Nugget Garage is that?

Would this work on a different nvr like reolink

Not being a network guy (accountant here), I did wonder if there was any actual basis to these claims of network spying. As I understood it, the Huawei code that had been subject to an audit in Europe turned up no bad stuff except some pretty rough and ordinary coding. Embarrassing enough I'd have thought. I would guess it would be the same for many other chinese manufacturers. So I was fascinated to see you do a simple version of exactly the kind of analysis that I'd have thought would be definitive and clearly resolve the issue. I guess that you'll be keeping an eye on whatever else this camera comes up with over time - there are those who believe that these things only "phone home" after a settling in period - and let us know if anything anomalous shows up.

do you know how i could setup my edgerouter to do dnat for time and dns? btw, thank you for videos

Debian11 no longer supports RTSP in VLC apparently. Any work arounds? Been trying to compile it from source but no luck always coming into errors.

I usually zero out the DNS settings in the camera, do you think that would be effective if they were phoning home?

I have a Hikvision domecamera and it always try to connect some server. It is about 6k queries a day. I did post a comment with that URL but it seems that is was removed.

very interesting, ive just bought a modern Hik NVR to go on my CCTV network, I am amazed at the level of in-NVR functionality, and the new PTZ cameras also have this functionality "ai" face recog, car plates, anti animal, warning bells and whistles, etc etc, however yes points taken regarding remote access by the Shadowy or Chinese guys... Shame you guys cannot get it in australia? does that mean domestic sales and imports banned ?

do you still stream tv to your network? can you make an update video on how you do it? thx

Try frigate for a cat sensor

Typically reticence in government stems from a supply chain involvement where they are concerned about one or more component suppliers of components to a device; this was the case with a particular brand of server (a scandal erupted a couple of years ago about "spy chips" being installed on the motherboards used in this brand's server). I am just recalling what I read, they may push the national recommendation out from that. Government networks aren't at all consistent sadly, quality and security standards vary wildly and are often driven by internal political considerations first and foremost. As for the camera - that's amazing, love the scope - though that may be too much here in the UK, if your security camera can see people outside your property everyone gets upset and the courts get involved. How much are those things?

hiksdk is their proprietary stuff

the arp request to 128 is most likely looking for the firmware server

Here have a clean camera to show ppl it's good . Lol a short documentary in the UK last showed other wise 🤔

Hi Paul, greeting from Poland, following your channel since a couple of months, great content ! I am looking for a good port mirror device like yours, could you please provide the manufacturer of that particular device ?

as i said before, out of the box there’s no way it would phone home. Instead you would include a method to ‘illuminate’ it remotely via a crafted dns response for example.

As a precaution, I run all my client's Hikvision cameras without DNS, and the DVR itself is always geo-fenced to within Australia only. I trust these cameras about as far as I could spit them out.

Why do you hate cats so much?

Well obviously they are going to send you one with "clean" firmware! If you want to catch a company doing no good then watch for suspiciously cheap ebay deals, then evaluate what you get. When you find something dodgy as I did, like NTP settings that keep returning to an NTP server controlled by the PLA in mainland China, even after you manually set them, contact the seller or manufacturer and do not be surprised if they play dumb but offer to upgrade your camera OTA. Obviously there are multiple issues there, such as hardware being only one OTA update from running anything the PLA wants, so you must lock them down as you have shown. I personally still would not trust them and would rather spend a lot more money on the parts to build my own cameras from scratch. There is a good business opportunity there for an Aussie who wants to sell locally assembled and certified gear.