Configuring Date/Time

MacFun

Getting the hang of it
Joined
Aug 1, 2017
Messages
317
Reaction score
61
Location
Houston, TX
When I first setup my 5231 cam 2 years ago, I think I just used "Sync PC". I think this changed and it was off by 20 years! What settings do you use? Do you favor a certain name server?

Thanks,

R
 

Attachments

biggen

Known around here
Joined
May 6, 2018
Messages
2,539
Reaction score
2,765
I run a local NTP server on my LAN all my cams sync to. It’s pretty easy to setup a local private one on Windows or Linux.

You can use 0.us.pool.ntp.org if in the US to connect to a random USA NTP pool. The clock.isc.org doesn’t work last I checked.
 

MacFun

Getting the hang of it
Joined
Aug 1, 2017
Messages
317
Reaction score
61
Location
Houston, TX
I run a local NTP server on my LAN all my cams sync to. It’s pretty easy to setup a local private one on Windows or Linux.

You can use 0.us.pool.ntp.org if in the US to connect to a random USA NTP pool. The clock.isc.org doesn’t work last I checked.
What's the benefit of running your now time server?
 

MacFun

Getting the hang of it
Joined
Aug 1, 2017
Messages
317
Reaction score
61
Location
Houston, TX
You should be isolating your cams from the internet. Running your own time server allows you to point each cam to your time server and not have them accessing the internet.
Agreed, I think my 5231 can hit the internet..... I'll look for the cliff notes.... just removing the gateway breaks the connection? Or, do you get fancy with Vlans or does your router have separate physical port...? I know this should be hardened. I need to reeducate myself. I did create strong credentials...... So if it is available to the world what's the typical risk? That they could hack in and see my feed? Or, something more ominous?

Thanks!
 

biggen

Known around here
Joined
May 6, 2018
Messages
2,539
Reaction score
2,765
What's the benefit of running your now time server?
@samplenhold nailed it. Plus running my own I know it works all the time and all the cameras are synced. Using a generic NTP could be a problem if there was a pool failure and I never noticed and the cameras got out of sync. Its a slim chance, of course, but if you need to submit video footage to the authorities having cameras in time sync goes a long way to help the DA.
 

biggen

Known around here
Joined
May 6, 2018
Messages
2,539
Reaction score
2,765
Agreed, I think my 5231 can hit the internet..... I'll look for the cliff notes.... just removing the gateway breaks the connection? Or, do you get fancy with Vlans or does your router have separate physical port...? I know this should be hardened. I need to reeducate myself. I did create strong credentials...... So if it is available to the world what's the typical risk? That they could hack in and see my feed? Or, something more ominous?

Thanks!
Not port forwarding to your cameras is a major step to "beefing up" your security.. You need to use a VPN to connect to your cameras when outside your network. Next step is to isolate the the cameras (or the subnet they are located in) so that they can't phone home.

It's not so much anyone seeing your feed. They couldn't care less about that. They use these cameras (and IoTs in general) as huge botnet attacks.
 

MacFun

Getting the hang of it
Joined
Aug 1, 2017
Messages
317
Reaction score
61
Location
Houston, TX
Not port forwarding to your cameras is a major step to "beefing up" your security.. You need to use a VPN to connect to your cameras when outside your network. Next step is to isolate the the cameras (or the subnet they are located in) so that they can't phone home.
Right, I did not port-forward any cams..... but I also did not do anything special to stop them form phoning home. as I recall. Should I just remove the gateway info or the DNS settings in the cam. I'll look for a cliff note on this.
 

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,825
Reaction score
6,377
Right, I did not port-forward any cams..... but I also did not do anything special to stop them form phoning home. as I recall. Should I just remove the gateway info or the DNS settings in the cam. I'll look for a cliff note on this.
Some won't let you leave the gateway/DNS blank. If so, then you can almost always set it to the IP of the cam itself or some other nonexistent IP on your net. That doesn't guarantee that some other 'rogue' method might not be used to find a gateway out. You also should block by IP/MAC on your router/firewall if you can. Note the latter may affect incoming remote access to the cam.
 

MacFun

Getting the hang of it
Joined
Aug 1, 2017
Messages
317
Reaction score
61
Location
Houston, TX
Linux or Windows?
I'm a Mac user that does have a Pi Zero running as a PiHole, what's the optimal time serving scenario. Let it piggy-back on any computer that is normally on and that has a UPS? Or, a dedicated Raspberry Pi? Or, something else?
 

biggen

Known around here
Joined
May 6, 2018
Messages
2,539
Reaction score
2,765
I'm a Mac user that does have a Pi Zero running as a PiHole, what's the optimal time serving scenario. Let it piggy-back on any computer that is normally on and that has a UPS? Or, a dedicated Raspberry Pi? Or, something else?
Use the same Pi you are using for PiHole. It should be as simple as sudo apt install ntp. Then point some clients to the RPi and see if they begin syncing with it.
 

MacFun

Getting the hang of it
Joined
Aug 1, 2017
Messages
317
Reaction score
61
Location
Houston, TX
Use the same Pi you are using for PiHole. It should be as simple as sudo apt install ntp. Then point some clients to the RPi and see if they begin syncing with it.
Cool beans! My Pi is sitting on a dining room chair with no UPS backup and connects WiFI only, but okay. When a cam restarts does it lose time completely?
 
Top