
Foscam IP Cam

Thor Egil shared this problem 11 years ago
Not a Problem

I've been trying to add my Foscams to the Zipato control panel.


When I had problems, the people at support@zipato.com tried, but apparently did not manage to get it.

Anyway, after two weeks still no one has replied to my requests, and this reflects the initial communication I had with Zipato before buying this unit.


Respons:227 Entering Passive Mode (10,0,65,184,139,167)

Status:Server sendt passiv respons with non-routable address. Using serveraddress instead


If I manually connect to the FTP server, it reports back the internal IP and not the external one. This is bad configuration on your side. On the other hand, if I try to manually upload a picture to the Alarm folder, it instantly disconnects me without any reason given.

Replies (5)

1

Hi,


What is the FTP answer when configured in active (Port mode on Foscam)?


NB: You must synchronize your box before using the FTP user / passwd


Regards,

2

Port mode (active) works; it replies with correct addresses (when I tested this).


But when using multiple devices behind the same public IP, active is not an idea.

If the answer provided by Zipato is that NAT has to be done to fix this instead of just configuring the ftpd correctly, then I would rather just use my ZoneMinder installation.


As a side note, I did some packet sniffing yesterday on my network.

All passwords and usernames for FTP provided by Zipato (the ones you use to configure the webcams) are sent in clear text.


The same goes for the config of the defined IP cameras, including username and password. You do not have to configure or browse any camera to get this information. There are JavaScripts listing all this information each time a user logs in to the dashboard at my.zipato.com.


So in theory an outsider with access to your network can easily find information on your network and start to monitor/watch your cams without your knowledge...

And since they get access to your FTP account at my.zipato.com that is used for snapshots, this can be viewed externally.

1

Regarding your FTP problem, we can't set up your NAT or anything regarding your local network. And it seems you have enough knowledge to configure it yourself in order to make it work.


Regarding your concerns about security... Try to set up an FTP account or log in to the camera directly (without Zipato) and sniff your local network traffic... You will get the same results... And even if you get the FTP username and pass you won't be able to view anything on the FTP server (guess why...)

As for the camera username and pass, yes, YOU can obtain them when logging in to YOUR Zipato account, but only if you choose to enter them in setup, as they are not required and are used only for automatic configuration and fast viewing of live stream and snapshots (recommended for people that aren't so paranoid).


And just to mention (for all others who might be confused by your post) that you can't sniff any of that data if you are using HTTPS.

1

First off, you are right that you do not need to enter a username and password to manually configure the cameras. And YOU can NOT configure my NAT since you do not have access to my networking equipment (legally).

And yes, I am fully capable of manually configuring my cameras, but as mentioned in the first post and by mail several times: YOUR FTP server replies to me with the wrong address and uses its own internal IP as ID against MY camera located on MY network without any knowledge of YOUR network. The original post was marked as "known", so I guessed that it is something you are working on.


Regarding the security question, which is not a way for me to spread dirt about Zipato - so calm down; but rather some useful information that I found, and now with your reply - it highlights the real problem... SSL, regarding the SHA1 hashing or not.


Since it actually IS possible to use username/password to configure cams, HTTP should not be allowed at all; I would rather recommend a plain redirect to SSL to prevent users from using it.


Second... Yes - you CAN sniff username and password directly from my cameras.

As long as you are on MY management network at home, and not on the regular "user" VLAN or "Guest" VLAN, which is firewalled by my own equipment locked in a technical room with alarm and sensors constantly armed (yeah, yeah, call me paranoid; but this is part of what I do for a living).


- But since you can actually use my.zipato.com externally on whatever network or internet connection e.g at your office, you remove the first barricade of security (my home) and completely rely on the network where you are connected - or the application you are using online and secure traffic.


Let's turn the situation around - let's say it is a guy that's not that paranoid, a regular "normal" person who uses this system. He has read the community, where it is stated that since passwords are encrypted with SHA1, his head tells him this is "safe" to use. 50% of all users on the internet do not know what SSL is or does, but might have heard something about it from online banking or similar. So when the connection to my.zipato.com is made in the browser it goes directly to HTTP.

He sporadically monitors his home from a laptop when traveling, at work e.g.


- With the information available... Zipato just made it possible for me to check WHEN the house is empty and monitor it without even being in the street looking suspicious and just preparing... Paranoid? - maybe, but hey! No one steals information or payment cards or steals IDs either, since it is so "tough" to do it.


As long as you accept BOTH HTTP and HTTP(S) you totally rely on the users to know when to use what - which all leads me back to the SSL again...

1

The problem is automatically marked as "Known"; if it were marked "In progress", then it would mean we are working on it.

So it is not a problem with our FTP server; the problem is in your network configuration.

And again, you are just confusing users with this post about security.
