This attack poses a minor threat. Corrective action may not be possible or is not required.
This signature detects Cameradar Scannning activity.
Cameradar is an RTSP Surveillance Camera Access Multitool, it allows attackers to:
- Detect open RTSP hosts on any accessible target
- Get their public info (hostname, port, camera model, etc.)
Launch automated dictionary attacks to get their stream route (for example /live.sdp)
- Launch automated dictionary attacks to get the username and password of the cameras
- Generate thumbnails from them to check if the streams are valid and to have a quick preview of their content
- Try to create a Gstreamer pipeline to check if they are properly encoded
- Print a summary of all the informations Cameradar could get
- Various RTSP CCTV cameras