The invention discloses a defense method for configuring weak
password vulnerabilities of internal and external network cameras. A
honeypot is arranged at a network end of the camera, and a
public network end of the camera is accessed to the rear of a
router to configure an
access control list for the
router. In an internal environment, ports 23 and 80 of the camera are exposed through the
honeypot, and a scanned traffic packet is obtained, the source
IP address of the scanned traffic packet is analyzed, and an
intranet attack host is obtained through the
honeypot when a camera
vulnerability scan
attack occurs. In an external network environment, all traffic accessing the camera is uniformly filtered by the
router, and the
IP address allowed to be accessed is released, otherwise prohibiting. According to the defense method for configuring weak
password vulnerabilities of the internal and external network cameras, illegal requests of the external network are filtered by using a router ACL, and all external networks accesses do not need to be forbidden, thereby guaranteeing the functionality of the camera; and a Cowrie honeypot is used for internal
network deployment, so that low
false alarm rate is achieved, and intrusion method and flow of an attacker can be more clearly understood.