Dahua 5831 Connecting to Amazon??

[bugsysiegals]

I've noticed my Dahua IPC-HDW5831R-ZE is continuously attempting to connect to 184.169.249.245 (Amazon AWS?) on ports 8810-8815. I'm not aware of any settings I have for it to be doing this. Should this be happening? Is the camera trying to "phone home" and log my feed in the cloud?

Ex. [DROP ] IN=br1 OUT=vlan5 MAC=XX:XX:XX:XX:XX:XX SRC=XXX.XXX.XXX.XXX DST=184.169.249.245 LEN=187 TOS=0x00 PREC=0x00 TTL=63 ID=15056 DF PROTO=UDP SPT=48992 DPT=8810 LEN=167

 

[bugsysiegals]

FYI - my router startup script wasn't working properly and the camera was opened to the internet a few times for about 15 minutes each. It wouldn't be anything exciting for anybody to see but I hope this doesn't compromise the camera in the future?

I'm also seeing the camera trying to connect to 8.8.8.8 and 8.8.4.4 on destination port 53 which I believe may have been the original gateway or DNS servers but they've been removed long ago. What's up with this camera?!?!

 

[redfive]

This always happens, and not only with dahua, I keep all the CCTV systems on their own segregated VLAN, accessible from some networks (local or VPN), and the NVR/IPcams can only directly talk to some google's CIDR on tcp 587 (for mails). Of course, I lose the push notifications ....
8.8.8.8 and 8.8.4.4 are the google's DNS servers.
Cheers,
jonatha

 

[SouthernYankee]

All cameras should be blocked for the internet, I use only static IP address and no DNS settings in the cameras. The camera MAC address are blocked at the router.

Build a second network and put the cameras on that network. If you are using BI have a PC with 2 NIC card.

 

[looney2ns]

VPN Primer for Noobs
Randy : OpenVPN on a Asus router
How to Secure Your Network (Don't Get Hacked!) | IP Cam Talk

 

[alastairstevenson]

seeing the camera trying to connect to 8.8.8.8 and 8.8.4.4 on destination port 53

Google's public DNS servers.
Very popular, work well, quite safe.

connect to 184.169.249.245 (Amazon AWS?) on ports 8810-8815. I'm not aware of any settings I have for it to be doing this. Should this be happening? Is the camera trying to "phone home" and log my feed in the cloud?

A P2P facility is still enabled.
Visit the camera web GUI and review the configuration.

What's up with this camera?!?!

Nothing apart from needing a configuration review. In my view.

 

[aristobrat]

They're hard to find (at least for me), but there have been a few threads about this in the past. Here's one:
IPC-HDW5231R-ZE trying to contact Amazon IP

 

[bugsysiegals]

This always happens, and not only with dahua, I keep all the CCTV systems on their own segregated VLAN, accessible from some networks (local or VPN), and the NVR/IPcams can only directly talk to some google's CIDR on tcp 587 (for mails). Of course, I lose the push notifications ....
8.8.8.8 and 8.8.4.4 are the google's DNS servers.
Cheers,
jonatha

Thanks, I have the cameras and BI computer on their own VLAN; however, since my firewall loses it's rules on reboot, I have a script to re-apply them. Unfortunately one line wasn't completing on it's own, I was running it manually, and forgot to run it after a reboot. I'll have to look into fixing that in the future but I do believe there's a moment after reboot where there's access before the firewall rules are applied, at least it did this when I had my PC plugged into the VLAN ... I probably need to re-arrange the rules or something.

 

[bugsysiegals]

All cameras should be blocked for the internet, I use only static IP address and no DNS settings in the cameras. The camera MAC address are blocked at the router.

Build a second network and put the cameras on that network. If you are using BI have a PC with 2 NIC card.

I have the camera on it's own subnet but haven't reserved the MAC/IP on the router ... wasn't sure if it mattered. Just to be safe, I ended up blocking all addresses on the subnet in case the camera had a trojan and attempted to change it's IP to something else on the subnet. I believe I needed to add the address of gmail as DNS in order to allow the camera to push email notifications until I get BI working.