Agathon 0
Posted February 17, 2020 (edited)

I was looking into my router's properties under network infrastructure. Under there I have two services running that internet users can access. One of them is whatsapp, the other is something called XJUANDVR, running through TCP to port 60001 (external) and port 80 (internal).

I reverse searched the IP address of the hosts running this service and there are a whole bunch of strange sites with zero ICANN hosting data (not even privacy protection). I tried deleting it but can't remove it. It keeps coming back.

Any idea what it might be? Should I include a firewall rule to block this IP? It might be problematic if I block all communication on those ports, right?

Edited February 17, 2020 by Agathon

itman 1,807
Posted February 17, 2020 (edited)

50 minutes ago, Agathon said:
> the other is something called XJUANDVR, running through TCP to port 60001 (external) and port 80 (internal).

One possibility is this:

Cheap Chinese JAWS of DVR Exploitability on Port 60001:
https://isc.sans.edu/forums/diary/Cheap+Chinese+JAWS+of+DVR+Exploitability+on+Port+60001/25530/

Additional refs.:
https://www.tenable.com/plugins/nessus/104144
https://www.pentestpartners.com/security-blog/pwning-cctv-cameras/

Edited February 17, 2020 by itman

Agathon 0 (Author)
Posted February 17, 2020

That sounds like TERRIBLE news. I had nothing to do with the CCTV or its setup, and it's practically obsolete, but no one ever bothered deactivating it. It didn't function properly (never allowed us to record to the disk etc.). Even the guy who fitted them (some electrician) couldn't figure out what was up with it and why it wouldn't record.

But if this is the case, I may as well toss it into the garbage, literally. Since I'm not a professional admin, I wouldn't really know where to begin to test to see what's actually going on under the hood.

Thank you for the insightful shares.