HDW4431C constantly trying to contact a china IP address

sumguy

Young grasshopper
Joined
Jan 23, 2016
Messages
80
Reaction score
11
I have a pair of IPC-HDW4431C-A bought directly from China in 2016 with english firmware. They have different lenses and their firmware might be slightly different. The one in question has firmware 2.420.0000.17.R, build : 2016-03-13. I've configured my router to allow the cameras to connect to a small set of external IP's and block all others. I haven't looked at the routers logs for a while, but I recently did and notice that this one camera is trying constantly to make a UDP connection to 120.26.11.187 on port 8800. That IP belongs to Aliyun Computing (China's version of Amazon AWS I think). I've configured the camera's DNS servers to point to a null local LAN address and have turned off or disabled every type of access protocol I can see in the camera's setup. Any idea what's going on here? I'd like to make it stop so that it doesn't flood my syslog server with useless junk.
 

Hammerhead786

Pulling my weight
Joined
Apr 23, 2018
Messages
232
Reaction score
144
If the IP address is hardcoded then pointing the DNS servers to a null address is not going to do anything. It is the default gateway that needs to be pointed to a null address. You should not be allowing your cameras any type of internet access. This is why it is recommended to use vlans to segregate your network and a VPN to access cameras externally. I'd suggest you take a look at the Cliff Notes and the Wikis.
 

sumguy

Young grasshopper
Joined
Jan 23, 2016
Messages
80
Reaction score
11
These are cameras that I want to be able to access from a few remote locations without using VPN. My ER3 router is blocking the camera's internet access from all but a very small set of IPv4 locations. I take it then that there is no known legit reason (ie some config setting) for the camera to be hitting that Chinese IP? The only thing I can think of is that this could be caused by DDNS which I seem to not be able to change - it always seems to revert to a dahau DDNS setting after I set it to a Private DDNS setting and save it. I don't have a check in the enable box so it shouldn't even be trying to do DDNS.
 

mat200

IPCT Contributor
Joined
Jan 17, 2017
Messages
5,490
Reaction score
3,306
These are cameras that I want to be able to access from a few remote locations without using VPN. My ER3 router is blocking the camera's internet access from all but a very small set of IPv4 locations. I take it then that there is no known legit reason (ie some config setting) for the camera to be hitting that Chinese IP? The only thing I can think of is that this could be caused by DDNS which I seem to not be able to change - it always seems to revert to a dahau DDNS setting after I set it to a Private DDNS setting and save it. I don't have a check in the enable box so it shouldn't even be trying to do DDNS.
Hi @sumguy

Chinese Market cameras clearly have firmware which is designed to connect to Chinese IPs devices.

Legit reason? Probably - The Chinese Government does mandate that numerous Chinese IT / internet tech be "home based", thus what you are experiencing might be legit in their view, and having a record of cameras would be useful.
this way the cameras can be in effect registered in a central location, and can be useful for say... Example if it is located in HK and they needed to ID any rioters / terrorist in HK in an area....
 

sumguy

Young grasshopper
Joined
Jan 23, 2016
Messages
80
Reaction score
11
Like I said, I have 2 such cameras (ordered same time from same vendor) the only difference is one has 2.8 lens the other has 3.6 lens.

The 3.6 lens has firmware 2.420.0000.21.R, Build Date: 2016-07-24
The 2.8 lens has firmware 2.420.0000.17.R, build : 2016-03-13

The one trying to contact the china IP is the one with 2.8 lens. Interestingly, that one has IVS event detection (8 type, tripwire, people, etc) while the 3.6 lens does not have IVS.
 
Top