Disabling P2P on Dahua cameras only temporary. Reactivates and my pihole shows over 1 million attempts to access: devaccess.easy4ipcloud.com in a day

M

medzec

n3wb
Mar 15, 2021
6
8
Portland USA
PiHole Blocked Domain Count:Hits
devaccess.easy4ipcloud.com944654
www.easy4ip.com12725
www.easy4ipcloud.com2124

Model: IPC-B5442E-Z4E Dahua
FirmwareVersion: 2.800.15OG004.0.R, Build Date 2020-10-19

After disabling, after a few weeks it re-activates itself and tries to call home to easy4ip. I notice it when the dns blocker log fills up with a million attempts for two cameras in a day.

1674234697396.png
maybe I need to use one of the specific firmware in the camera wiki?
 
  • Like
  • Wow
Reactions: bigredfish and alastairstevenson
Hmmm... Hadn't looked at that since it's one of the things that I turn off when first setting up cams. But you're right. I'm sure that I had that turned off and now see that it's enabled again on two cams running that same firmware. I don't see the same with others running V2.840.15OG008.0.R, Build Date: 2022-02-18. Mine aren't Z4Es but same firmware. I don't see a ton of calls to easy4ip but I may have blackholed that in another way so might not be as apparent.
 
  • Like
Reactions: CCTVCam, medzec, fenderman and 2 others
Also, not sure how you have things set up there but best to block Internet access by the cams if you can no matter what firmware.

I don't see the calls to easy4ip since I have the gateway and DNS on the cam pointed to its own IP. That should at least stop cluttering up your logs. That's not assured to stop any trying though since I've seen some cams that will use hard-coded values to reach google's DNS or by IP 8.8.8.8/8.8.4.4 if they don't find a valid DNS and in a similar way some that search for other gateways out. And I've also seen some Dahua cams that still tried to reach easy4ip no matter how you had that setting. But that was a long time back.
 
  • Like
Reactions: fenderman, medzec and looney2ns
medzec said:
FirmwareVersion: 2.800.15OG004.0.R, Build Date 2020-10-19
Click to expand...
I had used that firmware to upgrade my LPR cams back in Jan 2021 and had problems with it. Not the same issues you are having, but had multiple restarts daily. I installed V2.800.0000000.22.R 2020-11-19 and have not had any issues since.

I have the same cam, the B5442 Z4E which is running V2.800.0000000.10.R, Build Date: 2019-11-18 (that is the version that came with the cam) and I do not have your issue. The P2P has remained unchecked since it was installed in 2020.

But I do not use a VLAN. Mine are physically isolated from the internet. No connection to a router or modem.
 
  • Like
Reactions: CCTVCam and looney2ns
medzec said:
PiHole Blocked Domain Count:Hits
devaccess.easy4ipcloud.com944654
www.easy4ip.com12725
www.easy4ipcloud.com2124
Model: IPC-B5442E-Z4E Dahua

FirmwareVersion: 2.800.15OG004.0.R, Build Date 2020-10-19

After disabling, after a few weeks it re-activates itself and tries to call home to easy4ip. I notice it when the dns blocker log fills up with a million attempts for two cameras in a day.

View attachment 151479
maybe I need to use one of the specific firmware in the camera wiki?
Click to expand...
where did you buy the camera from?
 
  • Love
Reactions: Flintstone61
@medzec, this problem was also raised in a thread back in April 2021 regarding the 3rd December 2020 firmware. Look at messages 62, 63 and 64 in this thread: IPC-T5442T-ZE IPC-T5442TM-AS latest new firmware General_IPC-HX5XXX-Volt_MultiLang_NP_Stream3_V2.800.15OG004.0.R.201203

It happened on my 5442 camera and I solved the issue back in 2021 by downloading the firmware from the official Dahua site and not using the 3rd December 2020 version. I too had noticed the calls to the easiy4ip websites in my PiHole (where they were blacklisted).
 
  • Like
Reactions: medzec, alastairstevenson, samplenhold and 1 other person
I just used the Dahua website to load firmware Device TypeIPC-HFW5241E-Z12ESystem VersionV2.840.0000000.18.R, Build Date: 2022-06-29Found New VersionRFID VersionISP VersionWEB VersionV3.2.1.1261216
is what web system stating.

Looks good, went SUPER easy. Chose the DH branded version. I did use the Microsoft EDGE browser and clicked IE mode. Took ~ 3 minutes after spending an hour trying to decide if I should risk bricking $500 of cameras.
Now, the cam previews are working without IE mode, on EDGE browser without plugin. So that is a small win.
 
  • Like
Reactions: samplenhold, Mike A. and alastairstevenson
I have to thank you all for posting about this. I have cameras and iot confined to a range of ip's, and that range has a script that sets up iptable drop for any outside requests (no chance to phone home). Normally logs stay mostly quiet and network stays happy this way. After reading this, I checked my router logs and I'll be damned...

Untitled.jpg

I immediately verified my script was for some reason not started. It could have been problems with power while I was gone over the weekend. My homeassistant did notify my of a brief outage, but router and cams are on a 40min ups. So the mystery remains until I have time to dig through logs and test things. It was just a new d6bi doorbell cam making all that traffic, but my 5442 is not phoning home (both have been running several weeks now). Anyhow, I restarted the drop rule script on my router and now it's walled off safely... just need to investigate why it was not started. Until I figure that out I put on belt and suspenders by blocking internet from that doorbell and the rest of the cam/iot using the router's built in features.

[edit: That is of course, not to say that what I have is better than hardware separation, vlans, etc.]
 
Last edited:
My NVR52x-I has P2P disabled.

But notifications on DMSS still come through without my VPN connected.
Video and notification images do not come through however.
 
  • Like
Reactions: bigredfish
If you follow best practice mentioned a few times above (block or drop outbound connections), things like DMSS likely will not work, or at least not without complicated networking workarounds. Since you use a VPN to connect remotely, there's no reason to allow outside connections from the dvr or cameras. These days it's popular for manufacturers of cameras and nvr's to have backdoors. So operating them securely requires blocking related phone home traffic on your network. You may already have a router that makes doing this simple (I know asus routers have the ability to block internet access for any client). Here's how much data my ipcam firewall rules blocked since I posted last night... that doorbell cam is chatty!

Untitled.jpg
I don't think it even matters where a camera is manufactured either... just gotta keep the bases covered period.
 
You must log in or register to reply here.
Top Bottom