Dahua NVR/ gDMSS getting to cameras from internet

a500drvr · Jan 18, 2017

Looking for ideas. Been stalking the forum for a while finally purchased and installed my system. CAT6 cables throughout... Home setup was good, camera setup went smooth..all working and good.

Have gDMSS installed on my phone and it connects to my system!!!! Now this is the bad part. I did not do any port forwarding. I was setting up VPN and then going to use the application to view my cameras...VPN has not enabled..

If I scan my firewall I show no ports open.

Android is using 4G not wi-fi....

I have looked through all the NVR settings and cant find anything either.

I am perplexed...I am a network and security engineer...I should know this.

I need you Dahua experts to help me understand this... Nayer? Fenderman?

nayr · Jan 19, 2017

Universal Plug and Play - Wikipedia forwards ports all by its self without your setup; its horribly insecure and you should disable it on your router, there's also the p2p feature that will reverse tunnel out even if uPNP is disabled.

a500drvr · Jan 19, 2017

Meraki MX device. Does not forward Universal P&P. Looking through all the settings and their documentation... Im perplexed.. maybe need to get to the cli and look at the logs, gui logs dont show anything

alastairstevenson · Jan 19, 2017

a500drvr said:
I am perplexed...I am a network and security engineer...I should know this.

Check the outbound traffic from the LAN for P2P destinations. No inbound rules required.

a500drvr · Jan 19, 2017

Update for all....fixed..

tcpdump on traffic... Dahua NVR sends udp port 17 traffic to AWS....54.183.155.14.. same systems sends udp back...keeps session and flows open..(found no documentation of this , as NVR has nothing configured)

when you use the mobile app Mothership just connects to the open session..YOUR NVR....

So probably not too bad, wanted to set up VPN... But unless NVR first established connection, port is not open to the outside..

Nayr thoughts?

nayr · Jan 19, 2017

Thats the P2P Functionality, you can disable it

a500drvr · Jan 19, 2017

I just blocked in my firewall. I didnt see it enabled in the software. Ill look through the manual again

a500drvr · Jan 22, 2017

Update...

UPnP ( Universal Plug and Play was disable in the NVR. However NVR was still communicating with the Internet.

Upon further investigation Dahua has EASY4IP enabled... Not a good configuration to have open.

Thanks Nayr and others for the input

Search

Dahua NVR/ gDMSS getting to cameras from internet

a500drvr

n3wb

nayr

a500drvr

n3wb

alastairstevenson

a500drvr

n3wb

nayr

a500drvr

n3wb

a500drvr

n3wb