How do DMSS push notifications work?

X

xlarons

Young grasshopper
Apr 16, 2018
71
17
UK
Hi,

Quite surprised that my DMSS app receives push notifications when I am away from home.

I can't view the footage without VPNing back home, which I expect.

But it makes me wonder how the notifications are getting to my phone, is the app and NVR connected to some sort of "Dahua cloud" which does it?
 
wittaj said:
If you have P2P enabled that is how. Or you port-forwarded.
Click to expand...
Definitely not port forwarding, but p2p......hmm.....Gonna check now. Don't know what that is but don't like the sound of it

@wittaj yep, p2p was on. Turned it off whislt I'm Gonna read up on what it is and what security risk it presents

Interesting when I went to turn p2p off it said this "P2P connection is different from mobile push function. If you want to stop pushing alarm information to remote client, please go to SETTING->SECURITY->System Service->Basic Services and disable the function of "Mobile Push Notifications"."
 
I don't suppose you know what these things open up please @wittaj ?

If the top box "mobile push notifications" is on, even if p2p and upnp are off, it works. Curious to know what holes these punch in my security :angry:

Screenshot_20231024-155039~2.png
 
@xlarons, I have P2P turned off and don’t use port forwarding. I have blocked all internet access to and from my cameras and NVR via my firewall. I have allowed port 587 for email outgoing from cameras and NVR. Also allow ports 8888 and 2195 outgoing from cameras and NVR for the DMSS notifications. I receive DMSS notifications when my iPhone is on the local LAN and when I am on cellular. When on cellular, I access my cameras and NVR via VPN. I run WireGuard and OpenVPN VPNs from two Raspberry Pi. I am running a syslog server and whenever there is a notification from a camera or NVR, the syslog server shows me the messages from the firewall - traffic out on 587 to my email provider and traffic out on ports 8888 to an Amazon Web Server address for the notification and traffic out to an Apple network 17.188. 170. 138 on port 2195 For the notifications. My firewall logs all messages to my syslog server and the only traffic that leaves my cameras and NVR is through the three ports outlined above that I have permiited. I am using a Ubiquiti USG Pro 4 as my router. in my cameras and NVR I have “mobile push notifications“ enabled.
 
  • Like
Reactions: H. Swanson and xlarons
awonson said:
@xlarons, I have P2P turned off and don’t use port forwarding. I have blocked all internet access to and from my cameras and NVR via my firewall. I have allowed port 587 for email outgoing from cameras and NVR. Also allow ports 8888 and 2195 outgoing from cameras and NVR for the DMSS notifications. I receive DMSS notifications when my iPhone is on the local LAN and when I am on cellular. When on cellular, I access my cameras and NVR via VPN. I run WireGuard and OpenVPN VPNs from two Raspberry Pi. I am running a syslog server and whenever there is a notification from a camera or NVR, the syslog server shows me the messages from the firewall - traffic out on 587 to my email provider and traffic out on ports 8888 to an Amazon Web Server address for the notification and traffic out to an Apple network 17.188. 170. 138 on port 2195 For the notifications. My firewall logs all messages to my syslog server and the only traffic that leaves my cameras and NVR is through the three ports outlined above that I have permiited. I am using a Ubiquiti USG Pro 4 as my router. in my cameras and NVR I have “mobile push notifications“ enabled.
Click to expand...
That's awesome, I think I need a router capable of this level of adjustment of the firewall.
 
Curious, if anyone else is having this occur? Like the original poster, I my P2P disabled in my Dahua NVR & Dahua cameras. I have port forwarding disabled in my router. I have OpenVPN setup in my router & can only access my camera feeds via my local network or VPN, but I still get mobile push notifications from the DMSS app when connected to a cellular network with my VPN disconnected. I've re-installed the app & no change in this behavior.
 
General ideas to keep in mind.. Once you turn off P2P it will still try for a couple of hours before the server outside stops pinging the NVR..

Second the area of Security in the picture above isn't where the P2P magic stuff happens.. By the way I have over 10 recorders and all have P2P enabled, Also have over then my share of cameras connected on my normal network that have P2P enabled and from a few different companies.. None of my systems have been hacked and P2P of today is much safer then it was once years ago and trillion % safer then doing an open port connection to the internet for IP access from the outside that is just asking for hack attempts with in less then 48hrs in my cases when I have done some controlled testing..

Anyway if you want to turn off the P2P then you will no longer get notices while away.. You do this from your NVRs Main menu, Network, IT would be under P2P and or under something like Access Platform.. Anyway once you get there uncheck the P2P box and wait.. This can take a couple of hours before you notice ping request to stop after being turned off.. This is because the servers job is to always reach out and make sure the device is still active to keep a hole punched though your firewall to grant access to your NVR from your Apps if you request it.. If it didn't keep this info on a constant update loop then it would take 1 to 3 min every time you wanted to connect to your device from outside.. You know part of what it takes to setup a new connection.. That just don't work for people wanting to have fast access on the go..
 

Attachments

  • Screenshot (3874).png
    Screenshot (3874).png
    66.3 KB · Views: 7
  • Like
Reactions: bigredfish
Revo2Maxx said:
General ideas to keep in mind.. Once you turn off P2P it will still try for a couple of hours before the server outside stops pinging the NVR..

Second the area of Security in the picture above isn't where the P2P magic stuff happens.. By the way I have over 10 recorders and all have P2P enabled, Also have over then my share of cameras connected on my normal network that have P2P enabled and from a few different companies.. None of my systems have been hacked and P2P of today is much safer then it was once years ago and trillion % safer then doing an open port connection to the internet for IP access from the outside that is just asking for hack attempts with in less then 48hrs in my cases when I have done some controlled testing..

Anyway if you want to turn off the P2P then you will no longer get notices while away.. You do this from your NVRs Main menu, Network, IT would be under P2P and or under something like Access Platform.. Anyway once you get there uncheck the P2P box and wait.. This can take a couple of hours before you notice ping request to stop after being turned off.. This is because the servers job is to always reach out and make sure the device is still active to keep a hole punched though your firewall to grant access to your NVR from your Apps if you request it.. If it didn't keep this info on a constant update loop then it would take 1 to 3 min every time you wanted to connect to your device from outside.. You know part of what it takes to setup a new connection.. That just don't work for people wanting to have fast access on the go..
Click to expand...

I appreciate it! I disabled P2P last weekend but I'm still getting the mobile push notifications today when not connected to my VPN or home network. I've restarted my NVR & cameras multiple times since then as well while adjusting other settings. I do have 'Mobile Push Notifications' enabled though. I went ahead & disabled this & now I'm no longer getting push notifications through the DMSS app at all. I'm only getting the email alerts I setup. I do like the mobile push notifications though, since they give me an audible indication whereas an email doesn't. I'm just surprised the NVR could send me those notifications with P2P disabled.
 

Attachments

  • Mobile Push.png
    Mobile Push.png
    45.4 KB · Views: 1
  • P2P.png
    P2P.png
    29.6 KB · Views: 1
Well there is a post here about that issue. .Oddly I tested and I was also getting push after I disabled.. However after a few different things that has stopped and to the extreme. After I enable my Dahua and my Amcrest cameras to use P2P again and even turning my cell phone back to my local area network connection I am no longer getting push on events on the 2 cameras.. So I go to the Event type disable it and enable it again and still no notices on either Dahua/DMSS or my Amcrest App lol. geez They fixed it fast but to what end.. You still getting notices? I am not.. Crazy lol..
 
  • Like
Reactions: AMarkham40
Yep see this investigative thread:

bigredfish

Thread 'Dahua NVR, DMSS and P2P - How are they connected?'

So this is just a thread on my own testing/research of Dahua NVRs and how they interact with Dahua P2P and the DMSS app. YMMV
It can get quite complicated....and I caution that there have been different results from past versions of the DMSS app. SO, if you're using an old version of the app you may see different results.


Lets start with how a Dahua NVR (older model NVR5216-16P-4K2SE) interacts with the DMSS app (Version - 1.99.842 / 11/12/2024 - reasonably new) to send you push alerts
I have no reason to believe that newer NVRs do this any differently.

Assumptions:
I was always...
  • Like
 
  • Like
Reactions: AMarkham40
You must log in or register to reply here.
Top Bottom