Menu
What's new

Dahua NTP setting

N

Noki

n3wb
Joined
Sep 24, 2019
Messages
19
Reaction score
3
Location
Work
Currently I have a Dahua 4108 NVR connected to Dahua cameras. On the NVR and cameras, NTP is both unticked. When looking at the stored video, it time appears to correlate with the NVR as the cameras are slightly out of sync. I have noticed the NVR time slowly goes out of sync with the real time, so I manually use the "sync PC" command.

Instead of having to do this manual sync, I was wondering about using the NTP option. Currently my router blocks all outgoing ports from the NVR with the exception of port 8888 to enable notifications to be sent when the tripwire is triggered. I ticked the NTP option and also "manual update" not expecting it to work as port 123 outgoing is blocked. However it seems to sync with NTP. Now several days later, the time still is syncing perfectly so I assume the NTP is working.

This leads me to the question, why NTP is working even though outgoing port 123 is blocked.
 
user8963

user8963

Known around here
Joined
Nov 26, 2018
Messages
1,465
Reaction score
2,315
Location
Christmas Island
What time server do you use? Many routers have their own timeserver ... you need a real firewall to block internal connections. if its going through a switch direct to the same subnet its hard to block it, need real enterprise equipment.
 
N

Noki

n3wb
Joined
Sep 24, 2019
Messages
19
Reaction score
3
Location
Work
I am using the pool.ntp.org timeserver. I have an Asus router using VPN but also have outgoing connections blocked for the NVR IP. I think the router is blocking all outgoing connections from the NVR correctly. When I have tested blocking the entire IP address of the NVR, tripwire notifications do not get sent to my phone. If I block the IP address of the NVR with the exception of port 8888, it starts sending the notifications again.

I always assumed the NVR sends out a signal to the NTP pool server to update the time. But if outgoing connections are blocked, I am not sure why the time hasn't gone out of sync as it previously was.
 
user8963

user8963

Known around here
Joined
Nov 26, 2018
Messages
1,465
Reaction score
2,315
Location
Christmas Island
Asus Routers are for home usage. You cannot do the same things like an enterprise firewall. Some routers tends to allow some known-good services, even if you have a block all rule.
Those are toys. If you need enterprise features you need an enterprise firewall.

Or maybe you just misconfigured it :idk:
 
N

Noki

n3wb
Joined
Sep 24, 2019
Messages
19
Reaction score
3
Location
Work
Thanks again. Yes this is for a home setting. I will check if the router is opening port 123 by default regardless of the settings.
 
user8963

user8963

Known around here
Joined
Nov 26, 2018
Messages
1,465
Reaction score
2,315
Location
Christmas Island
i would track what server is really ask for time if there is any possibility of logging.

should be quick and easy.. just open log and click manual sync.
 
biggen

biggen

Known around here
Joined
May 6, 2018
Messages
2,594
Reaction score
2,902
Noki said:
Currently I have a Dahua 4108 NVR connected to Dahua cameras. On the NVR and cameras, NTP is both unticked. When looking at the stored video, it time appears to correlate with the NVR as the cameras are slightly out of sync. I have noticed the NVR time slowly goes out of sync with the real time, so I manually use the "sync PC" command.

Instead of having to do this manual sync, I was wondering about using the NTP option. Currently my router blocks all outgoing ports from the NVR with the exception of port 8888 to enable notifications to be sent when the tripwire is triggered. I ticked the NTP option and also "manual update" not expecting it to work as port 123 outgoing is blocked. However it seems to sync with NTP. Now several days later, the time still is syncing perfectly so I assume the NTP is working.

This leads me to the question, why NTP is working even though outgoing port 123 is blocked.
Click to expand...
Are you sure you are blocking all outgoing from the subnet/VLAN the cameras are located in? You should put a laptop/computer in that same subnet and see if you can access anything on the internet to test with.
 
N

Noki

n3wb
Joined
Sep 24, 2019
Messages
19
Reaction score
3
Location
Work
Thanks all. I think I may have worked out the problem. I had blocked the NVR IP (except port 8888). However, I only did it for TCP. Just reading this great forum, came across the statement that "NTP uses UDP on port 123". Although I am blocking the NVR outgoing connections, it is only for TCP but not UDP. I will try blocking UDP and see if that blocks the NTP. If it does then I will leave an exception for port 123.

Out of interest, does anyone know whether the Dahua NVR uses the UDP ports for anything other than the NTP.
 
biggen

biggen

Known around here
Joined
May 6, 2018
Messages
2,594
Reaction score
2,902
Noki said:
Out of interest, does anyone know whether the Dahua NVR uses the UDP ports for anything other than the NTP.
Click to expand...
No way to know. Just block everything!
 
You must log in or register to reply here.
Top