DDNS services and potential hacks

Recently No-Ip.com had an outage caused by MS seizing their domains due to some users abuse (malware/bootleg software). I had a back & forth with a person on a Facebook thread that we are all basically idiots for using public or 3rd party DDNS services so clients can view their cameras.

His stance was that someone could use a "man in the middle" attack and garner the login credentials & have camera access/ "case" their home using their cameras.

Well..my counter was that if someone was away from home, using a hotspot that was spoofed and someone was nabbing info they would have no idea of where the house was located per se..just views of a front door/patio slider, inside of garage etc etc.

Any IP geolocator will not show the actual home traced back from an IP address--you'd need a court order from the ISP for that.

This twit was basically saying we're all rank amatuers & should be running our own DDNS servers. Aside from this spot outage, No-ip has been rock solid and I can get 30 domain names for 2 years for $15...thats .03 cents a month for redirect names I can give to my clients.

Reality check..if someone is going to compromise a system it's more likely going to be a paintball gun from a distance then a crowbar session.

Any IP geolocator will not show the actual home traced back from an IP address

I'm sure you're aware that Google has a fleet of cars which drive around taking video and sniffing WiFi; if not, read more about it here.

Among the WiFi data that Google collected is the MAC address and geographic location of every WiFi access point they encountered during their Wardriving. This data is available to anyone via Google's geolocation API. Thus, if a Black Hat can somehow determine the MAC address of the WiFi access point at your home, he can find out exactly where that access point is located to within a few feet. To see one way it can be done, watch this:

tRJMIMBVqFI

Aside from this spot outage, No-ip has been rock solid and I can get 30 domain names for 2 years for $15...thats .03 cents a month for redirect names I can give to my clients.

I register my domains through namecheap.com, and they provide DDNS for all of my domains at no extra charge. Rock solid as well.

Hacking, like every other legal or illegal business, has to have a payoff. Since the stakes are high with hacking in terms of penalties if caught, the prize must be big. Casing someone's home--probably not worth it. Casing a high-end home with millions of dollars of goods--profitable.

It's all a matter of how big a target you have on your back.

Good points on the replies-- I checked in on the script XSS and inputting my mac address it came up blank so I'm good so far.

Agreed on the "big target" point. As I was discussing with the guy on facebook that my local casino probably doesn't have accessible cameras from the outside world--truly "closed circuit" as they have a room full of guys manning joystick ptz controllers etc.

I do a lot of my own webstuff..I host my own websites on a nix box..I maintain a FTP server so motion still from my clients are saved locally in case they get jacked--I run a terminal server for my sisters quickbooks. But I can't see going through the hassle of a dns server for the perceived piece of mind of avoiding a service provider

I see a big problem with the XSS exploit--google cars drove in my neighborhood 5 years ago..I've since moved (maybe) and my router was in AZ now in Calif but the bad guys rely on 5 year old google coordinants and jack the house I USED to live in (sorry new owners).--LOL