Author Topic: Quick Security question  (Read 4277 times)

Offline binder1000

  • Newbie
  • Posts: 2
  • Karma: +0/-0
Quick Security question
« on: May 26, 2010, 01:33:59 pm »
Hi Guys, I'm new to this forum and I had a question about the vera. I have had it for 9 months now and like it but I was looking through my security reports and I noticed that the vera was doing port scans. Has anyone else had similar issues? I'm running on UI3.

Binder1000

Offline micasaverde

  • Administrator
  • Hero Member
  • Posts: 1667
  • Karma: +15/-1
Re: Quick Security question
« Reply #1 on: May 28, 2010, 04:22:27 pm »
I'm not aware of port scans; I don't think that happens. We do listen on the network for broadcast DHCP packets and, anytime there is a new device, try to ping it to see if it's a camera, gc100, etc.

Offline guessed

  • Master Member
  • Posts: 5294
  • Karma: +90/-22
  • Release compat is not a bolted-on afterthought
Re: Quick Security question
« Reply #2 on: May 28, 2010, 05:15:30 pm »
The "ping" that MCV refers to includes a whole series of tests, including a bunch of different URL calls, to each device that joins the Network via DHCP (whether attached to Vera or not).

It likely also has to Broadcast/Multicast a little in order to find the GC100's, and the UPnP stuff on the Network as well.

This might look like Port scanning, depending upon your viewpoint ;-)


It would be very handy to be able to turn this scanning/auto-discovery off.

I've had the HTTP ones interfere with a few devices I'm testing, and the only way out is to shutdown Vera when I first bring them onto the Network.

Offline 325xi

  • Global Moderator
  • Hero Member
  • Posts: 1101
  • Karma: +0/-0
  • V1, V2, still V2...
Re: Quick Security question
« Reply #3 on: May 28, 2010, 09:54:55 pm »
Some Linux-based routers allow filtering or logging this sort of traffic if/when necessary.

Offline guessed

  • Master Member
  • Posts: 5294
  • Karma: +90/-22
  • Release compat is not a bolted-on afterthought
Re: Quick Security question
« Reply #4 on: May 28, 2010, 10:06:15 pm »
Yup, but you have to go nuts with VLAN'ing the errant device so it doesn't get passed on at the switch layer. It would be nicer if you could tell the errant device not to do that ;)

Offline 325xi

  • Global Moderator
  • Hero Member
  • Posts: 1101
  • Karma: +0/-0
  • V1, V2, still V2...
Re: Quick Security question
« Reply #5 on: May 28, 2010, 11:14:27 pm »
Agree, but if I really need it I'd simply plug it into the router, directly - I prefer not to VLAN on home LANs unless really necessary. Or I'd put it onto a separate subnet, still easier IMHO

Offline micasaverde

  • Administrator
  • Hero Member
  • Posts: 1667
  • Karma: +15/-1
Re: Quick Security question
« Reply #6 on: May 29, 2010, 12:23:36 pm »
Agreed.  I added this bug report which I think should address the requests:
http://bugs.micasaverde.com/view.php?id=1107

Offline binder1000

  • Newbie
  • Posts: 2
  • Karma: +0/-0
Re: Quick Security question
« Reply #7 on: June 02, 2010, 01:27:13 pm »
Thanks everyone, snort picked it up as a port scan, so I will adjust my rules.

Thanks
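
Before relaxing a portscan rule for the controller, it helps to confirm that its multi-port probing really lines up with devices joining via DHCP, as Reply #2 describes. The following is an added example, not part of the thread or of Vera's software; the event tuple layout, IP addresses, ports and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events, not real captures.
# Tuple layout (hypothetical): (epoch_seconds, kind, src_ip, dst_ip, dst_port)
# "dhcp" = a lease was handed to dst_ip; "conn" = TCP connection attempt.
VERA = "192.168.1.10"  # assumed address of the controller
EVENTS = [
    (1000, "dhcp", None, "192.168.1.40", None),
    (1003, "conn", VERA, "192.168.1.40", 80),
    (1003, "conn", VERA, "192.168.1.40", 8080),
    (1004, "conn", VERA, "192.168.1.40", 554),
    (1004, "conn", VERA, "192.168.1.40", 443),
    (5000, "conn", "192.168.1.77", "192.168.1.20", 22),
    (5000, "conn", "192.168.1.77", "192.168.1.20", 23),
    (5001, "conn", "192.168.1.77", "192.168.1.20", 80),
    (5001, "conn", "192.168.1.77", "192.168.1.20", 445),
    (6000, "conn", VERA, "192.168.1.30", 80),  # single port: not a fan-out
]


def classify_fanout(events, min_ports=4, dhcp_window=30):
    """Label each (src, dst) pair that touched >= min_ports distinct ports."""
    leases = defaultdict(list)   # dst_ip -> lease timestamps
    probes = defaultdict(list)   # (src_ip, dst_ip) -> [(ts, port), ...]
    for ts, kind, src, dst, port in events:
        if kind == "dhcp":
            leases[dst].append(ts)
        elif kind == "conn":
            probes[(src, dst)].append((ts, port))

    verdicts = {}
    for (src, dst), hits in probes.items():
        if len({port for _, port in hits}) < min_ports:
            continue  # too few ports to resemble a scan
        first = min(ts for ts, _ in hits)
        # Discovery as described in the thread starts right after the target joins via DHCP.
        joined = any(0 <= first - t <= dhcp_window for t in leases.get(dst, []))
        verdicts[(src, dst)] = "discovery-after-dhcp" if joined else "unexplained-fanout"
    return verdicts


if __name__ == "__main__":
    for pair, verdict in classify_fanout(EVENTS).items():
        print(pair, verdict)
```

Only fan-outs that consistently follow a lease to the probed host are candidates for a narrowly scoped exception; anything labelled `unexplained-fanout` should keep alerting.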