Malicious Activity from Somfy Security Camera
I’m seeing malicious activity from my Somfy Security Camera.
Is there a way to get more detailed information?
(I suspect mass mail / spam but how can I get comprehensive log files?)
Best,
Ben.
-
The first two screenshots are likely people trying to access your camera from outside ...
The third one is fairly interesting, it says your camera has been streaming out (upload) to the internet. You need to verify if the streams are valid or not. To do that, you will need to look at netflows like your fourth screenshot and look at the upload section and see what IP the camera is sending stuff to.
Also, if the camera is to be used for remote access, you may want to think about using Firewalla VPN to access it, it adds another layer of protection.
-
Thank you for your answer.
This camera is supposed to be available with the Somfy app from outside without UPnP nor port forwarding so a VPN will not help.
All ports are closed from the outside so it looks like the camera was infected and is connecting to a malicious site on its own…
Is there a way to "record" all suspicious traffic the same way Wireshark would do with Firewalla blue?
-
Thank you for your answer.
I already had found that, I was wondering if there is a way to get the complete frames (or at least a few of them) as Wireshark provides. A feature that would allow adding a "Sniffer Rule" on one device and then downloading the IP frames from Firewalla for instance… (That would be awesome!)
-
Would be great if there were a built-in feature to capture tshark / pcapng data from the UI and send to a file system on the desktop to further analyze. Honestly, without the data, it's very hard to know what is happening from the Firewalla app. So the feature would be on various objects (e.g. device, group, domain, etc.) to send future data to the Wireshark log file. It is cumbersome to use the command line and would be powerful to enable log relay from the app.
-
Have you tried the web interface? https://help.firewalla.com/hc/en-us/articles/360052779253-The-Firewalla-Web-Interface
This one is fit for looking at larger sets of data.
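
The check discussed in this thread (which destinations a device uploads to, and how much), as an added example that is not part of the thread and not Firewalla's code. It assumes a capture was already saved in classic pcap format with Ethernet framing; the function names, the camera address and the destination addresses are constructed for illustration.

```python
import struct
from collections import Counter

def uploads_by_destination(pcap: bytes, device_ip: str) -> Counter:
    """Sum IPv4 bytes sent by device_ip, keyed by destination address."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    totals, offset = Counter(), 24          # records start after the 24-byte header
    while offset + 16 <= len(pcap):
        caplen = struct.unpack(endian + "I", pcap[offset + 8:offset + 12])[0]
        frame = pcap[offset + 16:offset + 16 + caplen]
        offset += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                        # truncated, VLAN-tagged or not IPv4
        ip = frame[14:34]
        src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
        if src == device_ip:
            totals[dst] += struct.unpack("!H", ip[2:4])[0]   # IPv4 total length
    return totals

def make_frame(src: str, dst: str, payload_len: int) -> bytes:
    """Constructed Ethernet + IPv4 frame for the sample (checksum left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * payload_len

def build_sample_pcap() -> bytes:
    """Constructed capture: camera at 192.168.1.50, documentation-range peers."""
    frames = [
        make_frame("192.168.1.50", "203.0.113.10", 1000),
        make_frame("192.168.1.50", "203.0.113.10", 500),
        make_frame("192.168.1.50", "198.51.100.7", 100),
        make_frame("203.0.113.10", "192.168.1.50", 40),   # inbound, not counted
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for dst, nbytes in uploads_by_destination(build_sample_pcap(), "192.168.1.50").most_common():
        print(f"{dst:15} {nbytes} bytes uploaded")
```

Destinations at the top of the list that do not belong to the camera vendor's service are the ones worth opening in Wireshark for a frame-level look.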