Blocking traffic to a certain device?

[shabby]

It seems my camera dvr is part of the mirai botnet(changing password/firmware doesn't help for some reason), every time i connect it to the router the connection gets disconnected within a few hours, my isp warned me about this a handful of times and now they're disconnecting me.
So my idea is to block all incoming/outgoing traffic from my dvr(say 192.168.1.99) but allow certain ip's that i will be using or mac addresses for the devices i will be using so i can connect to it... is this possible or just a pipe dream with the merlin firmware?

 

[RMerlin]

If your DVR doesn't need Internet access then configure Parental Control, and don't give it any allowed Internet period.

You should however really look into fixing the root problem here.

 

[shabby]

Its kinda hard to fix the problem, when the dvr locks you out for whatever reason, you have to contact the company for a temporary password. These passwords work only on the day they were given on and they give you one for today and one for tomorrow, problem is these passwords aren't tied to a serial number or anything so they work on any dvr. So for 2 days i have a password that gives me access to my dvr, my neighbors dvr and even your dvr if i know the ip of it.
This is basically a backdoor, not sure what genius thought of this.

Root problem, funny

 

[martinr]

.. .

Root problem, funny

How old is the device; are you, for example, still in the period where you have statutory rights as a consumer? You have been sold something that is clearly unfit fir purpose to the point of its being useless. When consumers start demanding their money back perhaps manufacturers will take security seriously. And well done to your ISP for taking its role seriously, even though it inconveniences you.

 

[L&LD]

Its kinda hard to fix the problem, when the dvr locks you out for whatever reason, you have to contact the company for a temporary password. These passwords work only on the day they were given on and they give you one for today and one for tomorrow, problem is these passwords aren't tied to a serial number or anything so they work on any dvr. So for 2 days i have a password that gives me access to my dvr, my neighbors dvr and even your dvr if i know the ip of it.
This is basically a backdoor, not sure what genius thought of this.

Root problem, funny

Seems that the way you get access to your DVR is the same way anyone else can too?

Why don't you setup a new subnet immediately after resetting the DVR (but not connected on the 'net). This may stop the problem coming back?

If this was in the return period (or statutory rights period, as martinr said above), I would be returning it, period (wouldn't care if I could fix this 'now').

 

[shabby]

The device is 4 years old, got it from costco, im sure they would take it back but i don't have any of the packaging anymore.
The password is also limited to 6 characters, cracking 6 char passwords is easy as pie.
I called the manufacturer and they said while the temp password will work on identical models the chances of people doing this to cause harm was slim, if you live in a bubble then the chances of everything is slim too. They never heard of the mirai botnet but they'll investigate it now, we'll see what comes out of it.

 

[L&LD]

4 years old? I would retire it and call it a day.

I think you got your money's worth over that time, right?

I certainly wouldn't spend any further time on it (the manufacturer certainly won't).

 

[shabby]

Sure i got my money's worth but its not like its broken and needs replacing, although some better cameras and more storage would be nice, will definitely think about it.

And well done to your ISP for taking its role seriously, even though it inconveniences you.

Looks like it struck today in a big way http://krebsonsecurity.com/

 

[L&LD]

Looks like it's broken to me? If you can't use it (without it being part of a botnet), it isn't usable, right?

 

[shabby]

I would say partially broken, it still does its job you just can't view your cameras remotely.