I'm at 36 hours with P2P off and still getting the push notices, just cant view the pic or video clip
I've rebooted NVR and Phone 2x each
I've rebooted NVR and Phone 2x each
Dahua NVR, DMSS and P2P - How are they connected?
- Thread starter bigredfish
- Start date
Ok they are working again.. Strange.. I had to remove the app from the camera and add it back with P2P before it would come back and there is now some new options that was not there before WHAT THE HECK.. Looks way cooler with more options then before.. I didn't change the app only added the camera back to the app dang..
Attachments
LOL Hold on need to get another beer.. LOL. Everyone thinks I am crazy I am it is all good.. "
I added back a picture again in an edit lol. But yeah really it did go offline and had to remove from app and add it back before it would start pushing again..
I added back a picture again in an edit lol. But yeah really it did go offline and had to remove from app and add it back before it would start pushing again..
Can you bypass the potential privacy and security concerns by firewalling the NVR IP and only accessing the NVR via VPN - using a web browser (on your phone) and not the app?
And now I have turned it off lol and I get an alert that it is off.. I just want to wait until I know for sure that I am not going to get another alert after being turned off. Waiting for another vehicle to go by... If I post the offline picture then it did in fact not alert after I turned off p2P.. THen I know problem is solved car just turned before getting to the cameras view lol still waiting.. Car went by shows on my AI view on my NVR and Not Push to phone
Attachments
Sure, but I think you'll break push notifications. I'll add that to the testing.
Understand my hypothesis is that the push notification function isnt really the security issue. I started this by wanting to prove that the recent reports of "hacks" were a result of old software (SmartPSS) and not the P2P function or push alert ecosystem. I still believe that.
Well it is strange that yours has not gone off and force to remove and add back the camera to the app.. As i said doing so have changed the look of the app.. I am also on the 12-05-2024 version so that might be the difference. I don't think any Hack over P2P is a current thing from Amcrest or Dahua apps. I can't say about others I know there are many devices out there that are not secure and I know there are some people that have connection issues and un check secure connection without knowing it puts them at Risk.. For a year I have tried to warn some but as of Now I don't think I need to help in that way anymore lol.. Still a Pizza Joint that didn't listen lol But I tried..
I've already pretty much proven on my FW that P2P is NOT needed for the push alert itself, only to view the snapshot/video clip. I see it in the firewall logs clearly. Push alerts arent going through Dahua P2P servers. They are going to push.messagepush.org on Amazon servers
Last edited:
But difference is Though and pass.. P2P is passed off for a Peer 2 Peer not a cloud though service. Only middle man is Ping to hand off app to device and the connection is Encrypted only thing that was last I checked plain text was the SN and without the other it don't really matter.. It was a while I did testing with what happened on connection when people were like can I do it at a cafe.. I was like sure as long as you don't sit in the sight of a camera and or someone isn't watching you put in your password while logging into the desktop app you know kind of thing. If someone is data mining only data they could get was SN.. Does no good without knowing the Encryption type and method..
I don't want to cross the line of nosiness, but would you care to make a statement about any suicidal tendencies? Remember the AI guy just last week....
@bigredfish
Thanks for the effort you put into this DMSS investigation. I can confirm ( my own observations) that for receiving push messages it is not needed to have a DMSS account or P2P enabled, however the result could still depend on the hardware / firmware version used in the NVR and the alarm type triggering a push message.
An other observation - regarding push messages send by the NVR - :
Using a Android phone with DMSS installed , the push messages from the NVR are only send out via port 443 to a server '35.82.242.85'. When adding a IOS Ipad with a new configured DMSS, the push message are also send out via port 8888 to server "18.184.87.16".
To receive push message you must allow your firewall to egress port 443 and/or 8888 of the NVR.
When setup the alarm subscriptions in DMSS , the App needs acces to the NVR otherwise these can not be set. It looks like, any device with a DMSS App installed will create a kind of entry (unique device id) on the NVR to subscribe itself to the push messages set in the DMSS App w.r.t. Android or IOS.
Thanks for the effort you put into this DMSS investigation. I can confirm ( my own observations) that for receiving push messages it is not needed to have a DMSS account or P2P enabled, however the result could still depend on the hardware / firmware version used in the NVR and the alarm type triggering a push message.
An other observation - regarding push messages send by the NVR - :
Using a Android phone with DMSS installed , the push messages from the NVR are only send out via port 443 to a server '35.82.242.85'. When adding a IOS Ipad with a new configured DMSS, the push message are also send out via port 8888 to server "18.184.87.16".
To receive push message you must allow your firewall to egress port 443 and/or 8888 of the NVR.
When setup the alarm subscriptions in DMSS , the App needs acces to the NVR otherwise these can not be set. It looks like, any device with a DMSS App installed will create a kind of entry (unique device id) on the NVR to subscribe itself to the push messages set in the DMSS App w.r.t. Android or IOS.
@bigredfish what firmware is your Dahua NVR5216-16P-4K2SE? I have the NVR5216-4KS2 V3.216.0000006.0, Build Date: 2019-02-23 and want to do some testing as well. Which ports do you have open right now? I have TCP 443 no traffic, and TCP 8888, 2195 have traffic.
I have no explicit ports open on my router or firewall. I also dont explicitly deny outbound traffic other than some specific connections I see in the Firewall and a few blanket rules the Firewall defaults to like Ad servers and known bad stuff.
The NVR flows are as below. Each time its a different random port out in either the 46000 range or 58000 range and going to either UDP 8800 range or TCP 15000 range.
Other than consistency in the ranges, I see no pattern
Only connection other than shown is the occasional connecting to my mail server to send email alerts
I'm NOT a network engineer type. I'm just barely smart enough to figure out what I have.
The NVR flows are as below. Each time its a different random port out in either the 46000 range or 58000 range and going to either UDP 8800 range or TCP 15000 range.
Other than consistency in the ranges, I see no pattern
Only connection other than shown is the occasional connecting to my mail server to send email alerts
I'm NOT a network engineer type. I'm just barely smart enough to figure out what I have.
Late to the party, but I'll throw in the info I gathered a couple years ago for those in the future looking into all the connectivity that happens.
I have the VTOsomethingsomething model while using Blue Iris (not a Dahua NVR). I wanted the intercom press to push notification & 2 way video/talk to my DMSS app on smartphone WITHOUT hitting Dahua servers, without P2P turned on. I accomplished this feat. I would have to dig up the forum post of my venture but the Dahua VTO does a push notification to Google for Android and different location for Apple servers. The video/audio was sent to my phone via VPN always on. All verified by watching the IP packets via WireShark.
ah...here it is:
still tinkering with my GDMSS app & push notifications for a VTO. How to troubleshoot no push notifications? Wiresharking! Here is what I have found out so far.
may need @catcamstar to jump in this one
Network background:
using Android smartphone (Pixel 4XL) with VPN always connected
VTO is on my camera network of 192.168.4.19 ; 2 VTH's at 192.168.4.20 and .21
Ubiquiti RADIUS VPN server network on 192.168.5.xxx
When the VTO 'call' is pressed, a SIP session is requested from the VTO to the VTH's.
At line 33, the VTO contacts outside of my network to Google at 216.239.36.55...
may need @catcamstar to jump in this one
Network background:
using Android smartphone (Pixel 4XL) with VPN always connected
VTO is on my camera network of 192.168.4.19 ; 2 VTH's at 192.168.4.20 and .21
Ubiquiti RADIUS VPN server network on 192.168.5.xxx
When the VTO 'call' is pressed, a SIP session is requested from the VTO to the VTH's.
At line 33, the VTO contacts outside of my network to Google at 216.239.36.55...
Last edited: