
Friday, September 18, 2015

Point To Point Communication for IP Camera

Point To Point with Nano Tp-LocoM5

Many installers are requesting methods to connect their security systems. From running cable raceways in commercial buildings to installing conduit above or below ground in residential installations, running wired connections can take a lot of time, which equals more money spent on labor. This article can serve as a guide on how to maximize the use of our Nano Station Loco M5. In this article we will be utilizing an IP megapixel system.

Example: IP camera System
Items Needed:
TP-Loco M5
Any IP camera
Any NVR
Category 5, 5e or 6 Cable / Patch Cables
PoE Switch

Before installing any hardware we first need to configure the Nanos. Let's start by configuring the Nano that will act as an Access Point. This is the one that will be located at the main network.
Nano (Access Point)
Navigate to http://192.168.1.20 in your web browser. If you get a warning page, click on “Continue to this website (not recommended)”.
This is the correct page you should see displayed on your browser. Once you are here you can log in using UBNT as Username and Password.
Select your Country and agree to the terms of use by ticking the radio button.
Once you have gained access to the Main GUI, navigate to the Wireless Tab
Match the Settings displayed.
Wireless Mode: Access point
WDS : Enabled
SSID: UBNT_Bridge
Security : WPA2-AES
Preshared KEY: UBNT2014
Hit Change, but do not hit Apply yet.
Network Mode: Bridge
Static Ip: 192.168.1.159
Match your Gateway as well as the DNS server. In this example we left this out as many networks are different.
Finally hit apply.
Once you have applied the settings your Nano will restart and you can install the Access Point at the Main location where the Main network is.
Nano (Station)
Let's go ahead and open an internet browser.
Navigate to http://192.168.1.20
Use the following credentials to log in.
Username: UBNT Password: UBNT
Select your Country & Language
Check the radio button to agree to the terms of use.
Once you are logged in, navigate to the Network tab.
Use the Following settings
Wireless Mode: Station
WDS : Enabled
SSID: UBNT_Bridge
Security : WPA2-AES
Preshared KEY: UBNT2014
Navigate to Network
Use the Following settings
Network Mode: Bridge
Static Ip: 192.168.1.160
Match your Gateway as well as the DNS server. In this example we left this out as many networks are different.
Navigate to the Ubiquiti tab
Make sure to match these settings and hit apply.
Once you have completed both Nanos you can install them, making sure that there is line of sight between the devices. Some minor adjustments can be made to ensure a good connection.
The Nanos will lock onto the network by themselves, or you can click on the SELECT button. This will open up a tab that displays any Access Points in the area; select the correct one and lock onto it.
Once you have completed setting up your Point to Point Bridge we can focus on the location.
In this illustration you can see that the Nano (Access Point) is in line of sight with the Nano (Station) that has an IP camera connected to it.
The Connections are simple

Site Side
1. Connect the camera that you need to add to your main network to its own PoE switch “PoE” port.
2. Attach the “LAN” cable on the single-port PoE switch to the “LAN” on the PoE switch from the Nano (Site).
3. Attach the “PoE” cable to the Nano Station “LAN” port.
Main Side
1. Connect the Nano Station to its PoE switch (“LAN” to “PoE”).
2. Attach an Ethernet cable from your router LAN port to the “LAN” port located on the Nano Station's PoE switch.

*NVR connections are simple: attach your NVR to the router by running a cable between the LAN port on the NVR and the LAN port of your router.

Mounting Options:
The Nanos come already designed to be attached to a pole; nylon zip ties are supplied.

Troubleshooting Tips:
If you have successfully connected all of the devices and you cannot seem to ping your camera on any device on the Station side, make sure that WDS is enabled on both the AP and the Station.
If the signal is poor you can use the AirView application to check your signals. If you are not that tech savvy you can use the signal bars on the back of the units, or simply log in to both and tweak your Nano's position.
Once you have completed mounting your camera and Nano stations as well as configuring your Nanos, your system should be up and running.
Also, to view your cameras outside your network, some port forwarding is needed. Ports that need to be opened are 37777, 37778 and HTTP ports.
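The settings from both Nano sections and the WDS troubleshooting tip, expressed as a check to run against the two radios' settings before mounting. This is an added example, not part of the original guide or of the radios' own software; the dictionary layout and the /24 netmask are assumptions, and the corrected pair uses placeholder secrets.

```python
import ipaddress

# Values printed in this guide: anyone who has read it knows them.
PUBLISHED_PSK = "UBNT2014"
PUBLISHED_LOGIN = ("UBNT", "UBNT")


def audit_bridge(ap, sta, prefix=24):
    """Return findings for an AP/Station pair (hypothetical dict layout, assumed /24)."""
    findings = []
    if (ap["wireless_mode"], sta["wireless_mode"]) != ("Access Point", "Station"):
        findings.append("link: one radio must be Access Point, the other Station")
    for key in ("ssid", "security", "psk"):
        if ap[key] != sta[key]:
            findings.append(f"link: {key} differs between AP and Station")
    nets = {ipaddress.ip_interface(f"{c['ip']}/{prefix}").network for c in (ap, sta)}
    if ap["ip"] == sta["ip"] or len(nets) != 1:
        findings.append("link: static IPs must be distinct and in the same subnet")
    for name, cfg in (("AP", ap), ("Station", sta)):
        if not cfg["wds"]:
            findings.append(f"link: WDS disabled on {name}")
        if cfg["network_mode"] != "Bridge":
            findings.append(f"link: {name} is not in Bridge network mode")
        if cfg["security"] != "WPA2-AES":
            findings.append(f"hardening: {name} is not using WPA2-AES")
        if cfg["psk"] == PUBLISHED_PSK or not 8 <= len(cfg["psk"]) <= 63:
            findings.append(f"hardening: {name} PSK is the published one or not 8-63 chars")
        if cfg["login"] == PUBLISHED_LOGIN:
            findings.append(f"hardening: {name} still uses the published login")
    return findings


# Constructed inputs: the guide's settings, then a corrected pair with placeholder secrets.
GUIDE_AP = {"wireless_mode": "Access Point", "wds": True, "ssid": "UBNT_Bridge",
            "security": "WPA2-AES", "psk": "UBNT2014", "network_mode": "Bridge",
            "ip": "192.168.1.159", "login": ("UBNT", "UBNT")}
GUIDE_STA = dict(GUIDE_AP, wireless_mode="Station", ip="192.168.1.160")
FIXED = {"psk": "<long-random-passphrase>", "login": ("siteadmin", "<unique-password>")}
HARD_AP, HARD_STA = dict(GUIDE_AP, **FIXED), dict(GUIDE_STA, **FIXED)

if __name__ == "__main__":
    for label, pair in (("guide", (GUIDE_AP, GUIDE_STA)), ("hardened", (HARD_AP, HARD_STA))):
        print(label, audit_bridge(*pair) or "no findings")
```

With the guide's values the link checks pass and the only findings are the published key and login on each radio.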

Wednesday, November 26, 2014

About Wireless Hacking



Wireless networks broadcast their packets using radio frequency or optical wavelengths. A modern laptop computer can listen in. Worse, an attacker can manufacture new packets on the fly and persuade wireless stations to accept his packets as legitimate.

The step-by-step procedures in wireless hacking can be explained with the help of different topics, as follows:


1) Stations and Access Points :- A wireless network interface card (adapter) is a device, called a station, providing the network physical layer over a radio link to another station.

An access point (AP) is a station that provides frame distribution service to stations associated with it.

The AP itself is typically connected by wire to a LAN. Each AP has a 0 to 32 byte long Service Set Identifier (SSID) that is also commonly called a network name. The SSID is used to segment the airwaves for usage.



2) Channels :- The stations communicate with each other using radio frequencies between 2.4 GHz and 2.5 GHz. Neighboring channels are only 5 MHz apart. Two wireless networks using neighboring channels may interfere with each other.



3) Wired Equivalent Privacy (WEP) :- It is a shared-secret key encryption system used to encrypt packets transmitted between a station and an AP. The WEP algorithm is intended to protect wireless communication from eavesdropping. A secondary function of WEP is to prevent unauthorized access to a wireless network. WEP encrypts the payload of data packets. Management and control frames are always transmitted in the clear. WEP uses the RC4 encryption algorithm.



4) Wireless Network Sniffing :- Sniffing is eavesdropping on the network. A (packet) sniffer is a program that intercepts and decodes network traffic broadcast through a medium. It is easier to sniff wireless networks than wired ones. Sniffing can also help find the easy kill as in scanning for open access points that allow anyone to connect, or capturing the passwords used in a connection session that does not even use WEP, or in telnet, rlogin and ftp connections.



5) Passive Scanning :- Scanning is the act of sniffing by tuning to various radio channels of the devices. A passive network scanner instructs the wireless card to listen to each channel for a few messages. This does not reveal the presence of the scanner. An attacker can passively scan without transmitting at all.



6) Detection of SSID :- The attacker can discover the SSID of a network usually by passive scanning because the SSID occurs in the following frame types: Beacon, Probe Requests, Probe Responses, Association Requests, and Reassociation Requests. Recall that management frames are always in the clear, even when WEP is enabled.

When the above methods fail, SSID discovery is done by active scanning.



7) Collecting the MAC Addresses :- The attacker gathers legitimate MAC addresses for use later in constructing spoofed frames. The source and destination MAC addresses are always in the clear in all the frames.



8) Collecting the Frames for Cracking WEP :- The goal of an attacker is to discover the WEP shared-secret key. The attacker sniffs a large number of frames. An example of a WEP cracking tool is AirSnort ( http://airsnort.shmoo.com ).



9) Detection of the Sniffers :- Detecting the presence of a wireless sniffer, who remains radio-silent, through network security measures is virtually impossible. Once the attacker begins probing (i.e., by injecting packets), the presence and the coordinates of the wireless device can be detected.



10) Wireless Spoofing :- There are well-known attack techniques known as spoofing in both wired and wireless networks. The attacker constructs frames by filling selected fields that contain addresses or identifiers with legitimate looking but non-existent values, or with values that belong to others. The attacker would have collected these legitimate values through sniffing.



11) MAC Address Spoofing :- The attacker generally desires to be hidden. But the probing activity injects frames that are observable by system administrators. The attacker fills the Sender MAC Address field of the injected frames with a spoofed value so that his equipment is not identified.



12) IP spoofing :- Replacing the true IP address of the sender (or, in rare cases, the destination) with a different address is known as IP spoofing. This is a necessary operation in many attacks.



13) Frame Spoofing :- The attacker will inject frames that are valid but whose content is carefully spoofed.



14) Wireless Network Probing :- The attacker then sends artificially constructed packets to a target that trigger useful responses. This activity is known as probing or active scanning.



15) AP Weaknesses :- APs have weaknesses that are due both to design mistakes and to user interfaces.



16) Trojan AP :- An attacker sets up an AP so that the targeted station receives a stronger signal from it than what it receives from a legitimate AP.



17) Denial of Service :- A denial of service (DoS) occurs when a system is not providing services to authorized clients because of resource exhaustion by unauthorized clients. In wireless networks, DoS attacks are difficult to prevent, an ongoing attack is difficult to stop, and the victim and its clients may not even detect the attacks. The duration of such DoS may range from milliseconds to hours. A DoS attack against an individual station enables session hijacking.



18) Jamming the Air Waves :- A number of consumer appliances such as microwave ovens, baby monitors, and cordless phones operate on the unregulated 2.4 GHz radio frequency. An attacker can unleash large amounts of noise using these devices and jam the airwaves so that the signal-to-noise ratio drops so low that the wireless LAN ceases to function.



19) War Driving :- Equipped with wireless devices and related tools, and driving around in a vehicle or parking at interesting places with a goal of discovering easy-to-get-into wireless networks is known as war driving. War-drivers (http://www.wardrive.net) define war driving as “The benign act of locating and logging wireless access points while in motion.” This benign act is of course useful to the attackers.

Regardless of the protocols, wireless networks will remain potentially insecure because an attacker can listen in without gaining physical access.
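Item 6's point that the SSID travels in clear management frames, together with a defender's check for the Trojan AP of item 16: a parser for the SSID element plus an allowlist comparison of who advertises your network name. This is an added example, not part of the original post; the frames are constructed sample data with simplified addresses, and the SSIDs, BSSIDs and function names are assumptions.

```python
# Subtype -> bytes of fixed fields between the 24-byte MAC header and the tagged elements.
FIXED_LEN = {0x0: 4,    # Association Request: capability + listen interval
             0x2: 10,   # Reassociation Request: the above + current AP address
             0x4: 0,    # Probe Request
             0x5: 12,   # Probe Response: timestamp + beacon interval + capability
             0x8: 12}   # Beacon: same fixed fields as Probe Response

def parse_ssid(frame: bytes):
    """Return (subtype, bssid, ssid); ssid is None when hidden. None if no SSID element."""
    if len(frame) < 24:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_LEN:       # management frames only
        return None
    bssid = frame[16:22].hex(":")                    # address 3
    pos = 24 + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):                     # walk the ID/length/value elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen or (eid == 0 and elen > 32):
            return None                              # truncated, or SSID over 32 bytes
        if eid == 0:                                 # element ID 0 is the SSID
            hidden = elen == 0 or not any(body)      # empty or all-NUL: not broadcast
            return subtype, bssid, None if hidden else body.decode("utf-8", "replace")
        pos += 2 + elen
    return None

def unexpected_aps(frames, ssid, authorized):
    """BSSIDs that beacon or probe-respond with our SSID but are not on the allowlist."""
    seen = {p[1] for p in map(parse_ssid, frames)
            if p and p[0] in (0x5, 0x8) and p[2] == ssid}
    return sorted(seen - set(authorized))

def build(subtype, bssid, ssid):
    """Construct a minimal sample frame (not captured traffic; addresses simplified)."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    header = bytes([subtype << 4, 0, 0, 0]) + b"\xff" * 6 + mac + mac + b"\x00\x00"
    return header + bytes(FIXED_LEN[subtype]) + bytes([0, len(ssid)]) + ssid + b"\x01\x01\x82"

SAMPLE = [build(0x8, "02:00:00:00:00:01", b"HomeNet"),  # authorized AP beacon
          build(0x8, "02:00:00:00:00:02", b""),         # beacon with SSID broadcast disabled
          build(0x0, "02:00:00:00:00:02", b"Office"),   # association request to that AP
          build(0x8, "02:00:00:00:00:99", b"HomeNet")]  # same name, BSSID not on the allowlist

if __name__ == "__main__":
    for frame in SAMPLE:
        print(parse_ssid(frame))
    print(unexpected_aps(SAMPLE, "HomeNet", ["02:00:00:00:00:01"]))
```

The second and third sample frames show the same BSSID with an empty SSID in its beacon and the name in clear in a client's association request.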



Tips for Wireless Home Network Security

1) Change Default Administrator Passwords (and Usernames)

2) Turn on (Compatible) WPA / WEP Encryption

3) Change the Default SSID

4) Disable SSID Broadcast
5) Assign Static IP Addresses to Devices
6) Enable MAC Address Filtering
7) Turn Off the Network During Extended Periods of Non-Use
8) Position the Router or Access Point Safely

Let's find out how best to protect your system from online attacks.
a)    First up, don’t allow your CCTV system to respond to a ping request. You don’t want any other internet device to be able to see if your device can “talk” to it. You will be the only one able to do this once you log in to your password encrypted software. Turn the option to receive pings off in your DVR (digital video recorder) and also in your router. You can also change the port names on the DVR if allowed.
b)    If this function is not feasible, alter the router setup to use port forwarding, so that web traffic on a certain inbound port number will be sent to the appropriate port of the DVR on your network.
c)    As mentioned above, modify the password on the CCTV system with lower and uppercase leTter$ + $ymb0ls. THIS IS A NECESSITY. Make it super complicated.
d)    See to it that you regularly update the firmware on the CCTV system to keep it up to date with the latest security threats. Manufacturers will regularly update their software to counteract new threats they have detected.
e)    Configure your router’s firewall software, unless you want to give any person on the web access to your CCTV system. With the firewall program that comes with your router you can also ban particular IP (Internet Protocol) and MAC (computer identification nodes) addresses from accessing your CCTV system.