Menu
What's new

Camera backdoor?

L

lalalelelululala

n3wb
Joined
Oct 31, 2018
Messages
9
Reaction score
0
Location
Austria
Hello guys,

I have a very strange behavior going on in my network.



I know for certain that when I disconnect my Reolink camera, this behavior is gone.

Here is the model:



The mac address asking for an IP is ever-changing so often.
The requests are hammering in every second.
The camera has no access to the internet.

Any idea how I deal with this?

Regards
 
alastairstevenson

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,975
Reaction score
6,800
Location
Scotland
lalalelelululala said:
The mac address asking for an IP is ever-changing so often.
Click to expand...
Is the camera set for DHCP or a static IP address?
Does the camera have WiFi and are there just 2 MAC addresses behaving this way?
Why are there no free leases on your DHCP server?
What does the DHCP device list show?
 
L

lalalelelululala

n3wb
Joined
Oct 31, 2018
Messages
9
Reaction score
0
Location
Austria
alastairstevenson said:
Is the camera set for DHCP or a static IP address?
Does the camera have WiFi and are there just 2 MAC addresses behaving this way?
Why are there no free leases on your DHCP server?
What does the DHCP device list show?
Click to expand...
Camera is set to static IP address.
Camera is set to use WiFi. The mac addresses keep changing in a somewhat set interval. (After a reboot of the camera for instance)
There are no free leases because I picked that option.
->
Deny unknown clients
Only the clients defined below will get DHCP leases from this server.

When I undo this option and I open my lease pool the camera is asking for an IP out of the pool despite being statically assigned.

The DHCP device list shows that the camera is online with the IP I gave the "official" mac address.
 
mat200

mat200

IPCT Contributor
Joined
Jan 17, 2017
Messages
14,047
Reaction score
23,404
lalalelelululala said:
Camera is set to static IP address.
Camera is set to use WiFi. The mac addresses keep changing in a somewhat set interval. (After a reboot of the camera for instance)
There are no free leases because I picked that option.
->
Deny unknown clients
Only the clients defined below will get DHCP leases from this server.

When I undo this option and I open my lease pool the camera is asking for an IP out of the pool despite being statically assigned.

The DHCP device list shows that the camera is online with the IP I gave the "official" mac address.
Click to expand...
Hi @lalalelelululala

I see that it is a Reolink WiFi camera.

Check the MAC addressses:

Which MAC addresses are asking and assigned IP addresses?

update: WiFi MAC address? LAN MAC address? other MAC address?
 
Last edited:
alastairstevenson

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,975
Reaction score
6,800
Location
Scotland
lalalelelululala said:
When I undo this option and I open my lease pool the camera is asking for an IP out of the pool despite being statically assigned.
Click to expand...
That's the problem then.
The camera firmware is buggy if you've set the IP to static and it's still asking for a DHCP reservation.
 
mat200

mat200

IPCT Contributor
Joined
Jan 17, 2017
Messages
14,047
Reaction score
23,404
lalalelelululala said:
Lan: ec:71:db:77:d6:2a
WiFi: b0:41:1d:3d:a0:43
Click to expand...
Check each interface that you've disabled DHCP.

Funny to see 00:25:d1:0b:dd:87 or 00:c8:79:4e:dc:49 if the LAN and WIFi are not those.

Maybe time to use wireshark or another packet analyzer tool and see what happens when you allow it to grab an IP.
 
SouthernYankee

SouthernYankee

IPCT Contributor
Joined
Feb 15, 2018
Messages
5,170
Reaction score
5,320
Location
Houston Tx
it may be time to drop the reolink POS in the trash.

If you have a good router (like ASUS) block all the mac addresses from accessing the internet. On the asus router you use parental controls to block mac addresses.
 
L

lalalelelululala

n3wb
Joined
Oct 31, 2018
Messages
9
Reaction score
0
Location
Austria
SouthernYankee said:
it may be time to drop the reolink POS in the trash.

If you have a good router (like ASUS) block all the mac addresses from accessing the internet. On the asus router you use parental controls to block mac addresses.
Click to expand...
This might be very true.
The mac addresses seem to be randomly generated. Not really able to block all those.
I can whitelist the legit mac address and block all others.

I have a good router.
ASUS good? Not really.
I built my own router with pfsense paired with Ubiquity WiFi. Beats ASUS by miles.

Thanks everyone for the help.
 
T

taz420nj

Getting the hang of it
Joined
Oct 14, 2018
Messages
67
Reaction score
43
Location
KS
lalalelelululala said:
This might be very true.
The mac addresses seem to be randomly generated. Not really able to block all those.
I can whitelist the legit mac address and block all others.

I have a good router.
ASUS good? Not really.
I built my own router with pfsense paired with Ubiquity WiFi. Beats ASUS by miles.

Thanks everyone for the help.
Click to expand...
pfSense is lightyears better than anything any SOHO router can do... ;)
 
H

HealthyHarold

n3wb
Joined
Oct 8, 2019
Messages
1
Reaction score
0
Location
San Diego
Folks, I'm having a heck of a time trying to stop these fake MAC addresses generated by my ReoLink cameras, they're taking up all the DHCP address range and causing a mess. The strange thing is that after they use the fake MAC address, they proceed to connect with the real MAC address on finalization (I assume its the real MAC address, but who knows). Reolink support wrongly stated that it was fixed in the latest firmware, which I already had, then they backtracked telling me not to block their fake MAC addresses or it will cause infinite reboots, in other words, MAC filtering is a bad idea. Can anyone understand what they're doing here and why?

----------------
"The fake Mac address was used to detect whether the wifi of the camera is disconnect, which was used DHCP discovery protocols.
If the correct MAC address of the wifi camera was used, the camera will not able to get the DHCP IP address by default automatically.

We also don't suggest you block all the fake MAC addresses, the camera will still connect, but it will reboot itself while no one connects the camera.

Hope you can disregard such fake mac address in your router, which doesn't affect your use of the camera.
We will ask our senior engineer to change the code of the firmware and improve such issue."

------------

"Your camera is already in the latest firmware.
I will consult senior engineer again to get more details for you."

------------

"This fake mac address is just a kind of signal that indicating the camera is keep detecting the wifi and not disconnect with your home wifi.
Just consult with our senior engineer, now for the new firmware we have improved this problem and no random mac address.
Could you please send a screenshot to show us the firmware and we will send the new firmware to you?"

--------------

"Just confirmed with our engineer, the fake Mac address was sent by our camera for Wifi detection.
Every time your camera was rebooted, the Mac address would be changed accordingly to make sure the wifi connection is stable. In this way, we can make sure the camera will automatically connect with your home wifi after reboot or power cut."
 
W

Will.I.Am

Getting the hang of it
Joined
Mar 17, 2018
Messages
94
Reaction score
40
Waffle waffle waffle.

I've seen phones use a fake mac address when they're sleeping, but that makes sense so that if they're just sending out silent requests to see what wifi networks are available when you're not actively using the thing, no one can sniff out your real mac address.


There's no reason I can see why an ip camera that is already connected to a network would need to spoof its mac address. No legitimate reason anyway.
 
You must log in or register to reply here.
Top