Popped to the brother-in-laws after work as he reported all 5 cameras on his DS-7608 had dropped offline.
System comprises of:
1 x DS-2CD2T42WD-i5.
1 x DS-2CD2342WD-i.
3 x legacy unbranded chinese tat, one of which is via a TP Link ethernet over ring main widget.
Anyway, network activity LEDs on all camera ports on the NVR, good start, rebooted NVR, plugged my laptop in to a spare port on the NVR and ran Advanced IP Scanner, only one camera detected (cam 5). Disconnected the TP link (cam 4) which bought up cams 1,2 & 3. I then attempted accessing the web GUI on cam 5, which didn't load, but I got a warning from Symantec Endpoint Protection stating the following: (SID:24164 Web Attack:Exploit Kit Variant 5 Detected.
Plugged cam 4 back in to the NVR, and rebooted again, all cameras now up.
The conspiracist in me suspects that the legacy cameras are harbouring something nasty. The previous no-brand NVR he had was used with default credentials, and remote viewing was done by QR code, bleugh.
This is what I found from Symantec: https://www.symantec.com/security_respo ... asid=24164
Any input, suggestions from others most welcome!