alt Hacker NewsI still don’t understand how someone can end up accidentally exposing things to the public internet. With every ISP I have ever had in my country, it’s all NAT by default. Whatever I connect to my network, wired or wireless, would not be publicly accessible just like that unless I really really went out of my way to make it publicly accessible.
How do so many people end up exposing these cameras to the public internet? Are their ISPs not using NAT by default? Are the users jumping through hoops in order to open it up?
Replies
Is your ISP doing CGNAT? At least in the US that's not the norm. Most people have publicly routable IPv4 addresses (even if they rotate somewhat frequently) and most routers are configured to support UPnP out of the box.
This is an example of everything working as intended. The cameras are supposed to be accessable when you're not at home. Of course the cameras ought to ship with randomized default auth on a sticker attached to the unit the same way any half decent router does these days but they don't.
UPnP is not disabled by default on all routers, especially older ones. So devices may just try to port-forward certain control or media ports.
These are cameras sold specifically to be available over the open internet, I guess.
Many consumer routers allow any connected device to configure port forwarding using UPnP. If you want, you can play around with this using a client such as miniupnpc's example client.