Send Motion-user mailing list submissions to
        motion-user@lists.sourceforge.net

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.sourceforge.net/lists/listinfo/motion-user
or, via email, send a message with subject or body 'help' to
        motion-user-requ...@lists.sourceforge.net

You can reach the person managing the list at
        motion-user-ow...@lists.sourceforge.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Motion-user digest..."


Today's Topics:

   1. Re: ebay cameras (Justin Alcorn)
   2. Re: ebay cameras (chuck elliot)


----------------------------------------------------------------------

Message: 1
Date: Mon, 15 Jan 2024 10:45:45 -0500
From: Justin Alcorn <jus...@jalcorn.net>
To: Motion discussion list <motion-user@lists.sourceforge.net>
Subject: Re: [Motion-user] ebay cameras
Message-ID:
        <cahyjeida4pbgn3ksdl_r7yxok4wppzrga-+hwrdieuxdsum...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Oh, and that is why I agreed that this is a good solution.  As long as you
don't allow your computer to be a router.

Again, good solution.  Done correctly.  But people who don't understand may
turn on kernel forwarding in a linux desktop, and next thing you
know....route to the Internet!   So, it's just a warning to make sure you
know what you're doing.
-- 
Justin B. Alcorn
The views expressed are not necessarily my own, much less anyone else's
PGP Fingerprint CCEB F776 C3FD 1050 C8DB  532E B8B9 BED7 7764 406C


On Mon, Jan 15, 2024 at 4:32?AM chuck elliot <c.ell...@pobox.com> wrote:

> 'true but your light still needs a route to the Internet.
>
> This guy's camera is effectively on an isolated LAN. Unless his computer
> is configured
>
> to forward packets between its interfaces , packets from the camera will
> not reach the Internet
>
> and packets from the Internet will not reach his camera.
>
>
> On 15/01/2024 1:47 am, Justin Alcorn wrote:
>
> IoT devices don't need port forwarding. They open up a connection to their
> command and control server, and leave it open, allowing the C&C server to
> send commands. That's how all your smart lights wor
> *DuckDuckGo* did not detect any trackers. More
> <https://duckduckgo.com/email/report#RFVDSzI.G3QBIByFjWO5GvtDGP1bKxlENaeymdVJAUDIqgDeF_i-gOFWLDqD5xjHGvlsPV2jaPo3aumdmzCCruhKsOlGd09frJwKUQL9b0-TXXrIz3oqyQ0Q3pF8c8_3BylmASoQsAsMpE5FLb9_yGdR2kt6VI6Oetyt6JTyIzVpLSvqDdwsVBQwRVvqRSa0AdF4rHaqplXNm_zhTLJShPZs8J9UHKEt6a7MWdciiAJW2RyzXCHdy6s1cgNn8HCry_I8XJ9QWmPXL8N7HrVRAGpVox-iL-uiy1zfd0PEr_wB>
> Report Spam
> <https://duckduckgo.com/email/report-spam#RFVDSzI.G3QBIByFjWO5GvtDGP1bKxlENaeymdVJAUDIqgDeF_i-gOFWLDqD5xjHGvlsPV2jaPo3aumdmzCCruhKsOlGd09frJwKUQL9b0-TXXrIz3oqyQ0Q3pF8c8_3BylmASoQsAsMpE5FLb9_yGdR2kt6VI6Oetyt6JTyIzVpLSvqDdwsVBQwRVvqRSa0AdF4rHaqplXNm_zhTLJShPZs8J9UHKEt6a7MWdciiAJW2RyzXCHdy6s1cgNn8HCry_I8XJ9QWmPXL8N7HrVRAGpVox-iL-uiy1zfd0PEr_wB>
> IoT devices don't need port forwarding.
>
> They open up a connection to their command and control server, and leave
> it open, allowing the C&C server to send commands.  That's how all your
> smart lights work - your smartphone app tells the server to turn off the
> light, and the light reaches out and says 'do you have a command for me'
> every second or two, and then turns off.
>
> The problem is when the C&C server gets compromised and bad guys start
> sending different commands.
>
> --
> Justin B. Alcorn
> The views expressed are not necessarily my own, much less anyone else's
> PGP Fingerprint CCEB F776 C3FD 1050 C8DB  532E B8B9 BED7 7764 406C
>
>
> On Sun, Jan 14, 2024 at 1:11?PM Harlan Daneker <hdane...@gmail.com> wrote:
>
>> Unless you know something I am unaware of, port forwarding must be set up
>> with iptables so by default it would not forward anything.
>>
>> On Sun, Jan 14, 2024 at 12:26?PM Justin Alcorn <jus...@jalcorn.net>
>> wrote:
>>
>>>
>>>
>>> On Sat, Jan 13, 2024 at 9:28?PM Harlan Daneker <hdane...@gmail.com>
>>> wrote:
>>>
>>>> They are on a separate network card on the computer with its own static
>>>> ip address and there isn't any gateway. So if there is a way to connect to
>>>> the internet you will have to tell me how it could happen.
>>>>
>>>
>>> This is the way.
>>>
>>> (As long as forwarding is disabled on the computer)
>>> _______________________________________________
>>> Motion-user mailing list
>>> Motion-user@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/motion-user
>>> https://motion-project.github.io/
>>>
>>> Unsubscribe: https://lists.sourceforge.net/lists/options/motion-user
>>
>> _______________________________________________
>> Motion-user mailing list
>> Motion-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/motion-user
>> https://motion-project.github.io/
>>
>> Unsubscribe: https://lists.sourceforge.net/lists/options/motion-user
>
>
>
> _______________________________________________
> Motion-user mailing 
> listMotion-user@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/motion-userhttps://motion-project.github.io/
>
> Unsubscribe: https://lists.sourceforge.net/lists/options/motion-user
>
> _______________________________________________
> Motion-user mailing list
> Motion-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/motion-user
> https://motion-project.github.io/
>
> Unsubscribe: https://lists.sourceforge.net/lists/options/motion-user
-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

Message: 2
Date: Mon, 15 Jan 2024 16:10:10 +0000
From: chuck elliot <c.ell...@pobox.com>
To: motion-user@lists.sourceforge.net
Subject: Re: [Motion-user] ebay cameras
Message-ID: <41aec5fb-2914-4a6a-b3a2-04cf8f570...@pobox.com>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

In the Linux kernel, ipv4 packet forwarding is controlled by the value of

//proc/sys/net/ipv4/ip_forward/; 0 or 1 for disable and enable respectively.

I don't know if this value can be altered via a GUI tool but you would need

do it as /root/. GUIs normally warn against root logins.

Of course the interfaces need to be set on different IP networks e.g.

A set to 192.168.1.1/24 (physically connected to local LAN)

and

B set to 192.168.2.1/24 (physically connected to camera only)

although the host will have routes set for both networks and both are

accessible from the host, it will only forward packets between them if 
//proc/sys/net/ipv4/ip_forward=1/

thus isolating the camera from any other host.

Regards.



On 15/01/2024 1:22 pm, Harlan Daneker wrote:
> Exactly, we are not talking about devices that some company has 
> programmed. This is a Fedora Linux desktop so unless the people that 
> make the kernel are doing something devious it doesn't forward pack
> *DuckDuckGo* did not detect any?trackers. More 
> <https://duckduckgo.com/email/report#RFVDSzI.G4sBIBwHdqPP1dgDwfgzEjNrTWV_VhcAhepU8UHugZMChlux6AyeYxxrUj_xFoVRdI3SGR441U3EAV7il7KDt97_QiizxIjAqoxi4oWfqjChsw8KrxAmuJs4IbsQRCrgIgs4Qh0SC37_ED4eBu7ZLwcDsjsz2DkkFEqh0oQQyUSIl5b6yqmWtu0OmkGZRQGjnNHDrqO8RPNHt9-1Q6c7-EMSym0fKDqTyTNTcfeklo7C5ewTRwkg6zkT9cKxql-1WeXoTe7z8ZbV1C4vVMp5MU7Tux-l2RFQwhIeTkDXMvHW8Ns2RJzGHw>
>  
>
> Unable to verify sender identity
>
> Report Spam 
> <https://duckduckgo.com/email/report-spam#RFVDSzI.G4sBIBwHdqPP1dgDwfgzEjNrTWV_VhcAhepU8UHugZMChlux6AyeYxxrUj_xFoVRdI3SGR441U3EAV7il7KDt97_QiizxIjAqoxi4oWfqjChsw8KrxAmuJs4IbsQRCrgIgs4Qh0SC37_ED4eBu7ZLwcDsjsz2DkkFEqh0oQQyUSIl5b6yqmWtu0OmkGZRQGjnNHDrqO8RPNHt9-1Q6c7-EMSym0fKDqTyTNTcfeklo7C5ewTRwkg6zkT9cKxql-1WeXoTe7z8ZbV1C4vVMp5MU7Tux-l2RFQwhIeTkDXMvHW8Ns2RJzGHw>
>  
>
>
> Exactly, we are not talking about devices that some company has 
> programmed. This is a Fedora Linux desktop so unless the people that 
> make the kernel are doing something devious it doesn't forward 
> packets. /"There might be a conspiracy to forward packets from my 
> cameras to China with port forwarding using unrelated operating 
> systems, that is the direction this conversation is heading."/ A 
> closed network is closed unless NetworkManager is doing something I'm 
> not aware of, I've never liked NetworkManager. The old way was easier 
> to set up a server and it even had a gui for multiple network cards 
> and port forwarding, but it wasn't automatic and you had to do 
> something before you could connect to anything. That being said, 
> comments about NetworkManager could be useful to me and others. 
> Somewhere I read it had 300,000 lines of code.
>
> On Mon, Jan 15, 2024 at 4:52?AM chuck elliot <c.ell...@pobox.com> wrote:
>
>     'true but your light still needs a route to the Internet.
>
>     This guy's camera is effectively on an isolated LAN. Unless his
>     computer is configured
>
>     to forward packets between its interfaces , packets from the
>     camera will not reach the Internet
>
>     and packets from the Internet will not reach his camera.
>
>
>     On 15/01/2024 1:47 am, Justin Alcorn wrote:
>
>>     IoT devices don't need port forwarding. They open up a connection
>>     to their command and control server, and leave it open, allowing
>>     the C&C server to send commands. That's how all your smart lights
>>     wor
>>     *DuckDuckGo* did not detect any?trackers. More
>>     
>> <https://duckduckgo.com/email/report#RFVDSzI.G3QBIByFjWO5GvtDGP1bKxlENaeymdVJAUDIqgDeF_i-gOFWLDqD5xjHGvlsPV2jaPo3aumdmzCCruhKsOlGd09frJwKUQL9b0-TXXrIz3oqyQ0Q3pF8c8_3BylmASoQsAsMpE5FLb9_yGdR2kt6VI6Oetyt6JTyIzVpLSvqDdwsVBQwRVvqRSa0AdF4rHaqplXNm_zhTLJShPZs8J9UHKEt6a7MWdciiAJW2RyzXCHdy6s1cgNn8HCry_I8XJ9QWmPXL8N7HrVRAGpVox-iL-uiy1zfd0PEr_wB>
>>
>>
>>     Report Spam
>>     
>> <https://duckduckgo.com/email/report-spam#RFVDSzI.G3QBIByFjWO5GvtDGP1bKxlENaeymdVJAUDIqgDeF_i-gOFWLDqD5xjHGvlsPV2jaPo3aumdmzCCruhKsOlGd09frJwKUQL9b0-TXXrIz3oqyQ0Q3pF8c8_3BylmASoQsAsMpE5FLb9_yGdR2kt6VI6Oetyt6JTyIzVpLSvqDdwsVBQwRVvqRSa0AdF4rHaqplXNm_zhTLJShPZs8J9UHKEt6a7MWdciiAJW2RyzXCHdy6s1cgNn8HCry_I8XJ9QWmPXL8N7HrVRAGpVox-iL-uiy1zfd0PEr_wB>
>>
>>
>>     IoT devices don't need port forwarding.
>>
>>     They open up a connection to their command and control server,
>>     and leave it open, allowing the C&C server to send commands.?
>>     That's how all your smart lights work - your smartphone app tells
>>     the server to turn off the light, and the light reaches out and
>>     says 'do you have a command for me' every second or two, and then
>>     turns off.
>>
>>     The problem is when the C&C server gets compromised and bad guys
>>     start sending different commands.
>>
>>     -- 
>>     Justin B. Alcorn
>>     The views expressed are not necessarily my own, much less anyone
>>     else's
>>     PGP Fingerprint?CCEB F776 C3FD 1050 C8DB? 532E B8B9 BED7 7764 406C
>>
>>
>>     On Sun, Jan 14, 2024 at 1:11?PM Harlan Daneker
>>     <hdane...@gmail.com> wrote:
>>
>>         Unless you know something I am unaware of, port forwarding
>>         must be set up with iptables so by default it would not
>>         forward anything.
>>
>>         On Sun, Jan 14, 2024 at 12:26?PM Justin Alcorn
>>         <jus...@jalcorn.net> wrote:
>>
>>
>>
>>             On Sat, Jan 13, 2024 at 9:28?PM Harlan Daneker
>>             <hdane...@gmail.com> wrote:
>>
>>                 They are on a separate network card on the computer
>>                 with its own static ip address and there isn't any
>>                 gateway. So if there is a way to connect to the
>>                 internet you will have to tell me how it could happen.
>>
>>
>>             This is the way.
>>             (As long as forwarding is disabled on the computer)
>>             _______________________________________________
>>             Motion-user mailing list
>>             Motion-user@lists.sourceforge.net
>>             https://lists.sourceforge.net/lists/listinfo/motion-user
>>             https://motion-project.github.io/
>>
>>             Unsubscribe:
>>             https://lists.sourceforge.net/lists/options/motion-user
>>
>>         _______________________________________________
>>         Motion-user mailing list
>>         Motion-user@lists.sourceforge.net
>>         https://lists.sourceforge.net/lists/listinfo/motion-user
>>         https://motion-project.github.io/
>>
>>         Unsubscribe:
>>         https://lists.sourceforge.net/lists/options/motion-user
>>
>>
>>
>>     _______________________________________________
>>     Motion-user mailing list
>>     Motion-user@lists.sourceforge.net
>>     https://lists.sourceforge.net/lists/listinfo/motion-user
>>     https://motion-project.github.io/
>>
>>     Unsubscribe:https://lists.sourceforge.net/lists/options/motion-user
>     _______________________________________________
>     Motion-user mailing list
>     Motion-user@lists.sourceforge.net
>     https://lists.sourceforge.net/lists/listinfo/motion-user
>     https://motion-project.github.io/
>
>     Unsubscribe: https://lists.sourceforge.net/lists/options/motion-user
>
>
> DuckDuckGo was unable to verify sender identity
>
>
> DuckDuckGo was unable to verify sender identity
>
> _______________________________________________
> Motion-user mailing list
> Motion-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/motion-user
> https://motion-project.github.io/
>
> Unsubscribe:https://lists.sourceforge.net/lists/options/motion-user
-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------



------------------------------

Subject: Digest Footer

_______________________________________________
Motion-user mailing list
Motion-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/motion-user


------------------------------

End of Motion-user Digest, Vol 209, Issue 16
********************************************

Reply via email to