
Using my new Squirrel to capture a HACKER...



So someone is trying to hack into my DVR at home.

I'm thinking this is the tool for the job. I wanted to support the Hak5 crew and got it a month after it came out. I watched some of the videos, really love the show... but I haven't totally wrapped my head around the implementation of what I need to do.

The scenario is this: I have a Hikvision DVR, 8 channels. I have it text me whenever someone tries and fails to log into it.

The firmware in the unit is supposed to lock out after 4-5 bad tries but doesn't work; it is the latest version, freshly flashed. These are well known for being used in DDoS campaigns as part of a botnet. I want to man-in-the-middle it, capture the packets and see what it is they are trying to do. Is it my neighbor, or a stinking hacker?

I have changed the WAN IP and the attempts continue; I changed the port and the attempts continue. A new Arris SB-8200 modem and an Arris SBR-1750 router are in front of the DVR.

I could get Comcast involved but that's no fun. (35 tries yesterday.) The attempts continue. Every couple of days they try. When I'm home I just disconnect the patch cable, and I have gone as far as connecting a separate switch setup with a remote power plug. If I'm away I get a text and then remotely turn off the power to the switch that the connection to the DVR goes through. The DVR keeps recording but there is no access while the switch is off. It hasn't been broken into yet: good strong password, and I log successful logins and so far it's only me. :-p

I'm up for suggestions and/or guidance on how to do this. The Packet Squirrel is still new, in the envelope.


I have made a post about this kind of activity.


I set up a honeypot and give the attacker access with a basic user/password (iptables to redirect the attack to the honeypot).


If you see multiple IP addresses attempt to log in, then my guess is it's an automated IoT botnet.


There are hundreds of botnet campaigns involved; it's not just one identity. They all want the same thing: their goal is Monero mining. If the device is incompatible with the mining software, then it simply becomes a part of the brute-force pool.



The attackers start with multiple compromised gig hosting services and distribute TCP scans across the IPv4 subnet lightning fast, looking for easily exploitable services like your DVR.


I have discovered 30,000 machines mining Monero. But that's just one identity. There were others.


I have logged a huge amount of data and a huge number of IP addresses: mining software, rootkits and exploit code.

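The reply's heuristic (many distinct source addresses means an automated botnet, one persistent address means a single actor) and the original poster's complaint that the 4-5 attempt lockout never kicks in can both be checked from the failed-login alerts the DVR already sends. The following is an added example, not code from either poster or from Hikvision: it parses a constructed, hypothetical log format (timestamp, event, user, source IP), groups failures by source, flags any source that exceeded the expected lockout threshold inside a short window, and reports whether the activity looks like one source or a spray. The log lines, the `LOGIN_FAIL`/`LOGIN_OK` event names and the `LOCKOUT_THRESHOLD` value are all assumptions for illustration; adapt the regex to the real notification text.

```python
"""Triage failed-login alerts from a DVR: one attacker or a botnet?

Added example. The log format parsed here is constructed for
illustration and is NOT the real Hikvision log format; adjust LINE_RE
to whatever the DVR's texts/e-mails or syslog actually contain.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format): one noisy source that
# should have been locked out, a spray from several sources, one good login.
SAMPLE_LOG = """\
2018-01-10 02:14:05 LOGIN_FAIL user=admin src=203.0.113.7
2018-01-10 02:14:06 LOGIN_FAIL user=admin src=203.0.113.7
2018-01-10 02:14:07 LOGIN_FAIL user=admin src=203.0.113.7
2018-01-10 02:14:08 LOGIN_FAIL user=root src=203.0.113.7
2018-01-10 02:14:09 LOGIN_FAIL user=admin src=203.0.113.7
2018-01-10 02:14:10 LOGIN_FAIL user=admin src=203.0.113.7
2018-01-10 02:14:11 LOGIN_FAIL user=admin src=203.0.113.7
2018-01-10 09:30:01 LOGIN_FAIL user=admin src=198.51.100.20
2018-01-10 09:30:02 LOGIN_FAIL user=admin src=198.51.100.21
2018-01-10 09:30:03 LOGIN_FAIL user=admin src=198.51.100.22
2018-01-10 09:30:04 LOGIN_FAIL user=admin src=198.51.100.23
2018-01-10 18:45:00 LOGIN_OK user=owner src=192.168.1.50
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<event>\w+) "
    r"user=(?P<user>\S+) src=(?P<src>\d{1,3}(?:\.\d{1,3}){3})$"
)
LOCKOUT_THRESHOLD = 5            # assumed: what the firmware is expected to enforce
LOCKOUT_WINDOW = timedelta(minutes=5)


def parse(log_text):
    """Return a list of event dicts; lines that don't match are skipped, not guessed."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "event": m["event"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def failures_by_source(events):
    """Map source IP -> sorted list of failure timestamps."""
    per_src = defaultdict(list)
    for e in events:
        if e["event"] == "LOGIN_FAIL":
            per_src[e["src"]].append(e["ts"])
    for stamps in per_src.values():
        stamps.sort()
    return per_src


def lockout_violations(per_src, threshold=LOCKOUT_THRESHOLD, window=LOCKOUT_WINDOW):
    """Sources that got MORE than `threshold` failures inside `window`.

    A working lockout would stop any single source at `threshold` attempts,
    so every entry returned here is evidence the lockout is not being applied.
    Returns {src: total_failure_count}.
    """
    violators = {}
    for src, stamps in per_src.items():
        for i in range(len(stamps)):
            j = i + threshold                      # index of the (threshold+1)-th attempt
            if j < len(stamps) and stamps[j] - stamps[i] <= window:
                violators[src] = len(stamps)
                break
    return violators


def classify(per_src):
    """Apply the reply's rule of thumb: many sources -> likely automated botnet."""
    distinct = len(per_src)
    if distinct == 0:
        return "no failures"
    if distinct == 1:
        return "single source"
    return "distributed"


def unexpected_successes(events, trusted):
    """Source IPs of successful logins not in the owner's trusted set."""
    return sorted({e["src"] for e in events
                   if e["event"] == "LOGIN_OK" and e["src"] not in trusted})


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    per_src = failures_by_source(evs)
    print("verdict:", classify(per_src))
    print("lockout violations:", lockout_violations(per_src))
    print("unexpected successes:", unexpected_successes(evs, trusted={"192.168.1.50"}))
```

Run against the real alert history, the interesting outputs are the verdict (one address hammering the box versus a spray of unrelated addresses) and the violations list: any entry there is a source that should have been blocked by the advertised lockout and wasn't, which is something concrete to put in front of the vendor or your ISP.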

