I'm working on a project with my fellow students, and we've discovered a vulnerability in a IP camera. This camera uses port 8554 for the rtsp protocol (it's unauthenticated). I want to block this port so that other people on the network cant access the live camera footage via the RTSP protocol (though it's accessible from the cloud, don't worry about that)
For the proof of concept, I've configured a SBC to function as a router with hostapd, dnsmasq, dhcpcd and iptables installed. I've tried various approaches, but it doens't seem to block the port or even block the client to client communication on the lan. Even the hostapd ap_isolate=1doesnt work.
Some information:
- wlan0: Access Point
- wlan1: Internet
- All clients need internet
Thank you in advanced for your responses
These are the rules i tried:
sudo iptables -A FORWARD -i wlan0 -o wlan0 -j DROP sudo iptables -A FORWARD -p tcp --dport 8554 -d 192.168.0.76 -j DROP sudo iptables -I INPUT -p tcp --dport 8554 -s 192.168.0.0/24 -j DROP sudo iptables -I INPUT -p udp --dport 8554 -s 192.168.0.0/24 -j DROP sudo iptables -A INPUT -i $WIFI -o $WIFI -s 192.168.1.0/24 -d 192.168.1.0/24 -j DROP and I've tried some additional rules similar to these
And from hostapd config: ap_isolate=1 (does nothing)
These are my settings from hostapd.conf:
interface=wlan0 driver=nl80211 ieee80211n=1 ssid=xxxxxxx hw_mode=g channel=10 wmm_enabled=0 ignore_broadcast_ssid=0 wpa=2 wpa_passphrase=xxxxxxxx wpa_key_mgmt=WPA-PSK rsn_pairwise=CCMP ap_isolate=1 submitted by /u/Commercial_Bag_9141
[link] [comments]
Source: https://www.reddit.com/r/raspberry_pi/c ... to_client/