How do I stop my camera trying to access 192.168.252.2 ?

scottydj2

Dec 13, 2022
Hi,

I have an Annke I51DW camera set up and working fine with BI. It is on an isolated 192.168.16.xx VLAN on my network.
Every 5 minutes my firewall blocks it trying to access 192.168.252.2
I can't seem to find a way to stop this call.
Anyone provide any further info?

Thanks,

Scott
 
For starters, I'd log into the cam's webGUI and ensure that P2P and UPnP are disabled.
Is there a device on the LAN with that IP?
 
Hi Tony,
From the webGUI I have pretty much everything disabled already.
I don't use a .252 subnet on my lan, and can't see anything with that address.
Thanks,
Scott
 
Any chance you set that address as the camera's default gateway?
 
Hi Fenderman,
No, it gets its IPv4 details from the DHCP server and has correct .16 subnet gateway and DNS details.
Maybe I'll need to get a Wireshark trace to dig a bit deeper.
Thanks,
Scott
 
It's probably trying to find a default gateway out. What did you set as the gateway? If blank, you might try setting it to the cam's own IP. That may help keep things out of your logs at least. Or it might not if it's hard-coded to try to find a gateway when it can't. Same with DNS servers. Some will try Google's at 8.8.8.8 and 8.8.4.4 if blank or it can't find a valid DNS.
 

That's very interesting...
So camera is looking for a default gateway to the internet?
At the moment, external access to the internet IS allowed via the normal .16.1 gateway, I'm just not allowing connection to anything within my own networks.
 
Hi Mike,
As mentioned above, the gateway and DNS are filled in, and connections out to the internet are not (yet) disabled. This does work, as I can use an internet NTP server successfully. It's only being caught by my firewall as the 192.168.252 subnet is being treated as an 'internal' network, and hence blocked.
Thanks,
Scott
 
Did you ever get a resolution to this?

My 151DX is doing the exact same thing, flooding my logs with hits to 192.168.252.2 (it's on a 192.168.1.x network and the .252 subnet is nonexistent).
The weird thing with mine is it's being blocked on an internet out rule on my UCG Ultra.
 
Again, unless you need the cam to get out over the Internet, which it shouldn't be in most cases, try pointing the gateway on the cam to its own IP address. The cam may still try to get to the .252.2 address but at least won't clutter your logs.
 
unless you need the cam to get out over the Internet, which it shouldn't be in most cases,
It needs to be able to send out emails.
Email, NTP and DNS are allowed out, nothing else is, so it needs to have the right gateway.

The logs shouldn't be getting cluttered anyway because this is an internal IP address, but it's trying to connect to it via the internet hence the block and log.
 
It's likely not trying to get to the Internet but looks at the .252.2 address as outside of your local address space so it's trying to go out the gateway. I don't know the Ubiquiti stuff well enough to tell you how but you should be able to set your rule/logging to exclude that subnet from logging or, alternately, permit the traffic so it doesn't throw the warning. It's still within private address space so the traffic won't be routable to be going anywhere outside.
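
Added example, not part of the posts in this thread: a small triage script for the situation described above. It groups blocked flows from a firewall log by source and destination, labels each destination as on-link, private but off-subnet (sent to the gateway, not Internet-routable), or public, and reports the median gap between hits so a fixed cadence such as "every 5 minutes" stands out. The log format, the camera address 192.168.16.50 and the function names are assumptions made for this example.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample log lines (assumed format: time, action, src=, dst=).
SAMPLE_LOG = """\
2024-05-01T10:00:00 BLOCK src=192.168.16.50 dst=192.168.252.2
2024-05-01T10:05:00 BLOCK src=192.168.16.50 dst=192.168.252.2
2024-05-01T10:10:01 BLOCK src=192.168.16.50 dst=192.168.252.2
2024-05-01T10:02:00 BLOCK src=192.168.16.50 dst=8.8.8.8
2024-05-01T10:03:00 BLOCK src=192.168.16.50 dst=192.168.16.9
"""

# RFC 1918 ranges, listed explicitly rather than relying on ip.is_private,
# which also covers documentation and other special-purpose ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(dst, local_net):
    """Say how a host on local_net would treat dst."""
    ip = ipaddress.ip_address(dst)
    if ip in local_net:
        return "on-link"             # reached directly, never crosses the gateway
    if any(ip in n for n in RFC1918):
        return "private-off-subnet"  # handed to the gateway, not Internet-routable
    return "public"

def summarize(log_text, local_net):
    """Group blocked flows by (src, dst): class, hit count, median gap in seconds."""
    net = ipaddress.ip_network(local_net)
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[1] != "BLOCK":
            continue  # skip lines that are not in the assumed format
        fields = dict(p.split("=", 1) for p in parts[2:])
        seen[(fields["src"], fields["dst"])].append(datetime.fromisoformat(parts[0]))
    report = {}
    for (src, dst), times in seen.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report[(src, dst)] = {"class": classify(dst, net), "hits": len(times),
                              "median_gap_s": median(gaps) if gaps else None}
    return report

if __name__ == "__main__":
    for flow, info in summarize(SAMPLE_LOG, "192.168.16.0/24").items():
        print(flow, info)
```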
 
It's likely not trying to get to the Internet but looks at the .252.2 address as outside of your local address space so it's trying to go out the gateway.

Makes sense.
I don't know the Ubiquiti stuff well enough to tell you how but you should be able to set your rule/logging to exclude that subnet from logging or, alternately, permit the traffic so it doesn't throw the warning.
There seem to be a few people complaining about the way the UCG Ultra does its logging.
There doesn't seem to be any way to turn the logging off on a trigger.

I was considering just allowing that particular subnet.
I will still have an issue with my Reolink PoE floodlight camera which also persistently tries to reach the internet, but at least that's trying actual public addresses.
 
Also, there may be somewhere within the settings to try to shut down the origin on the cam. I've not noticed the same on my I61s but might go through all of the services and make sure everything is shut down. Also could be that since you have things blocked and it can't find some outside connection that it wants to make, it then tries to find another gateway out. See that sort of thing with a lot of cams. Could test it by temporarily removing the mail/NTP/DNS limitations to see if it stops. But then also like a lot of others it may just be something that it does in the background no matter how you have things set.
 
I've looked at seemingly everything and I can't find anything that it might be.
I'm sure it's just one of those hard-coded things that cam manufacturers love to do.
 
Probably. I have a bunch that try to do all kinds of things. Once you have good visibility into your network you see how much of it there is. Gets to be annoying with cluttered logs, etc. even if it's not going anywhere.
 
Oh here's another interesting one for this camera.

It's also trying to access 192.168.2.1

I know this because I have that address set up on my UCG as a honeypot.
It seems to be doing it several times one after the other every 7 days, but only started doing it last week (and the camera has been online since before then).

Just IP camera things.
 