[ previous ] [ next ] [ threads ]
 
 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  Henning Wangerin <mailinglists dash after dash 041101 underscore reply dash not dash possible at hpc dot dk>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Webcam and captive portal.
 Date:  Thu, 3 Mar 2005 01:38:53 -0500
On Wed, 02 Mar 2005 10:59:41 +0100, Henning Wangerin
<mailinglists dash after dash 041101 underscore reply dash not dash possible at hpc dot dk> wrote:
> 
> It's working greate with the server polling images, with no captive
> portal ;-)
> 
> As all trafic to/from the net-cam is from the LAN _to_ the cam, how do I
> secure it the best?
> 
> My idea is to setup a mac-passthru on the cam, setting up a static IP
> (already done, so the server know where to fetch data from) and stopping
> all outbound connections from the cams IP in the firewall.
> 

That sounds like a reasonable setup.  


> And now my problem: How do I ensure that the mac of the cam is not
> hijacked, and assigned another IP?.
> 

You can't.  Embedded devices of that nature tend to lack a resiliant
TCP/IP stack, or have OS or other issues that make them fall down
under abuse pretty easily.  On some of them, a simple port scan will
knock them off the network, at which point an attacker can assume its
MAC and IP address.  IIRC you're using FTP, so they need not even go
that far to pick up the credentials.  WEP or not, that's easy enough
on a wireless network.

I think you're overly concerned about it, really.  If you have good
reason to be *that* concerned about security, a wireless camera isn't
the way to go.

-Chris