TPLINK-SMARTHOME/JSON ipcamera???

asked 2024-10-04 13:38:20 +0000

wirk

updated 2024-10-04 13:48:43 +0000

Chuckc

Hi, I am a total noob at this, so forgive me if this is stupid, but I opened Wireshark and found a very suspicious-looking package.

Source: 192.168.0.198
Destination: 255.255.255.255
Protocol: TPLINK-SMARTHOME/JSON
Length: 191
Info: UDP Cmd: {"system":{"get_sysinfo":{}},"cnCloud":{"get_info":{}},"smartlife.iot.common.cloud":{"get_info":{}},"smartlife.cam.ipcamera.cloud":{"get_info":{}}}

The exact same packet gets sent some random 10-60 seconds later.

After about 2000-2500 seconds, a new "round" of these two packets gets sent again.

What is weird is that the source address changes every "round", randomly either 192.168.0.156, 192.168.0.155, 192.168.0.198, never the same two rounds in a row.


Comments

Work to get it to happen consistently from one IP address.
Check the DHCP logs, verify it's always the same MAC address, then add a static entry for it.

Chuckc ( 2024-10-04 13:49:55 +0000 )

If the MAC address is always the same then it is likely the same actual source. As its target is just anyone on the local net this shouldn't get far.

Seems rather typical for home IoT stuff where security is still rather a challenge.

hugo.vanderkooij ( 2024-10-04 14:12:59 +0000 )
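
The check suggested in the comments above (is it always the same MAC address behind the changing source IP?), as an added example that is not part of the original thread: it groups rows exported from the capture by source MAC and reports the IPs, rounds and queried modules seen for each. The tab-separated row layout, the MAC addresses, the timestamps and the 600-second round gap are constructed assumptions.

```python
import json
from collections import defaultdict

# Constructed sample rows (not from the asker's capture): epoch seconds, source MAC,
# source IP, decoded UDP command, tab-separated. The MACs are placeholder values.
CMD = ('{"system":{"get_sysinfo":{}},"cnCloud":{"get_info":{}},'
       '"smartlife.iot.common.cloud":{"get_info":{}},'
       '"smartlife.cam.ipcamera.cloud":{"get_info":{}}}')
SAMPLE = "\n".join([
    f"0\t02:00:00:00:00:01\t192.168.0.198\t{CMD}",
    f"35\t02:00:00:00:00:01\t192.168.0.198\t{CMD}",
    f"2300\t02:00:00:00:00:01\t192.168.0.156\t{CMD}",
    f"2342\t02:00:00:00:00:01\t192.168.0.156\t{CMD}",
    f"4700\t02:00:00:00:00:02\t192.168.0.155\t{CMD}",
    f"4712\t02:00:00:00:00:02\t192.168.0.155\t{CMD}",
])

def parse_rows(text):
    """Yield (time, mac, ip, queried_modules) for each non-empty row."""
    for line in filter(str.strip, text.splitlines()):
        ts, mac, ip, payload = line.split("\t", 3)
        try:
            obj = json.loads(payload)
        except json.JSONDecodeError:
            obj = None  # payload not decoded as JSON: keep the row, no modules
        modules = tuple(sorted(obj)) if isinstance(obj, dict) else ()
        yield float(ts), mac.lower(), ip, modules

def summarize(text, round_gap=600.0):
    """Group rows by source MAC; a silence longer than round_gap starts a new round."""
    by_mac = defaultdict(lambda: {"ips": [], "rounds": 0, "last": None, "modules": set()})
    for ts, mac, ip, modules in sorted(parse_rows(text)):
        entry = by_mac[mac]
        if entry["last"] is None or ts - entry["last"] > round_gap:
            entry["rounds"] += 1
        entry["last"] = ts
        if ip not in entry["ips"]:
            entry["ips"].append(ip)
        entry["modules"].update(modules)
    return dict(by_mac)

def verdict(summary):
    """One MAC behind every IP: one sender whose address changes. Otherwise several."""
    return "single-sender" if len(summary) == 1 else "multiple-senders"

if __name__ == "__main__":
    for mac, info in summarize(SAMPLE).items():
        print(mac, info["ips"], "rounds:", info["rounds"], sorted(info["modules"]))
    print(verdict(summarize(SAMPLE)))
```

A MAC that shows up with several IPs is the case where the DHCP log and a static entry are worth checking; several MACs means more than one host on the LAN is sending the same query.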