Is anyone else aware of their Dahua Starlight trying to "call home" all the time?

rcx664

I installed my CCTV network a few years ago and pretty much forgot about it, until recently when I had to diagnose a faulty server on my home internet (I'm a geek so have all sorts on my network). I looked at my router logs and found floods of connection attempts (blocked by my strict firewall) from devices trying to connect to an alibaba.com IP address. Turns out it's my Dahua Starlight cameras.

The connections are being blocked so not a huge deal, but does anyone know if this is normal? What are the cameras trying to do? And any way to disable the behaviour?
 

drewgost

Can you post a couple of the logs?
 

catcamstar

Some outbound connections are required if you use push notifications to your mobile device. As you block those, you should have experienced that this service did not work.

If you want to know what is happening, use tcpdump and do packet inspection. But you have already set up your network in the most secure way possible (block all), although I personally prefer to have these unwanted communications in a separate VLAN so these connections can never land on my internal VLAN with NAS, for example.

Good luck!
CC
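
The tcpdump suggestion above, worked through as an added example (not code from any poster in this thread): it reads text output from `tcpdump -nn -tt` and reports, per camera, which hostnames it resolves and which destinations outside the LAN it tries to reach. The camera addresses, the LAN subnet, the hostname and the destination addresses in the sample are constructed placeholders.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format printed by `tcpdump -nn -tt`;
# every address and hostname here is a placeholder, not real camera traffic.
SAMPLE = """\
1591870000.100000 IP 192.168.1.108.40000 > 192.168.1.1.53: 4660+ A? p2p.example.com. (33)
1591870000.200000 IP 192.168.1.108.49152 > 203.0.113.10.443: Flags [S], seq 1, win 29200, length 0
1591870003.200000 IP 192.168.1.108.49152 > 203.0.113.10.443: Flags [S], seq 1, win 29200, length 0
1591870005.000000 IP 192.168.1.109.51000 > 198.51.100.7.8800: UDP, length 48
1591870006.000000 IP 192.168.1.108.554 > 192.168.1.20.50122: Flags [P.], seq 1:100, ack 1, win 229, length 99
1591870007.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.108, length 46
"""

# timestamp, "IP", src.port > dst.port:, then the protocol-specific remainder
LINE = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (.*)$")
# DNS query remainder, e.g. "4660+ A? p2p.example.com. (33)"
DNS_Q = re.compile(r"\d+\+?\S* (A|AAAA)\? (\S+?)\.? \(")


def summarise(text, cameras, lan="192.168.1.0/24"):
    """Return (outbound, dns) counters for traffic sent by the given camera IPs."""
    lan_net = ipaddress.ip_network(lan)
    outbound, dns = Counter(), Counter()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ARP, IPv6 and any other line this parser does not cover
        src, _sport, dst, dport, rest = m.groups()
        if src not in cameras:
            continue
        q = DNS_Q.match(rest)
        if dport == "53" and q:
            dns[(src, q.group(2))] += 1  # the name shows what the camera is looking for
        elif ipaddress.ip_address(dst) not in lan_net:
            proto = "udp" if rest.startswith("UDP") else "tcp"
            outbound[(src, dst, int(dport), proto)] += 1
    return outbound, dns


if __name__ == "__main__":
    flows, names = summarise(SAMPLE, {"192.168.1.108", "192.168.1.109"})
    for (cam, host), n in names.items():
        print(f"{cam} resolved {host} x{n}")
    for (cam, dst, port, proto), n in flows.most_common():
        print(f"{cam} -> {dst}:{port}/{proto} x{n}")
```

Repeated SYNs to the same destination with no reply, as in the sample, are what a firewall drop looks like from the camera's side; the DNS names are usually the quickest clue to which service is being contacted.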
 

rcx664

I may have bought some of the cameras from different vendors, some came from Andy (I think that's his name - reliable friendly trader known on this forum) and some may have come off eBay, I'll need to check.
I'll post some sample logs. I'll take a look at tcpdump, but when it comes to packet level/ARP stuff I don't really know how any of that works.

@catcamstar I did think about putting the cameras on an isolated part of the network. Would VLAN work if I have different devices that need to be isolated from each other but are plugged into the same switch? E.g. in my garage I have a single switch, and my garage computer and garage CCTV camera are both plugged into the same switch.
 

rgonyer

If you have a managed switch, you should be able to assign each port to a separate VLAN.
 

catcamstar

That's correct, if these VLANs are "propagated" across all managed switches, then you can 'extend' these VLANs across the physical network. However, if you want other devices, not from a VLAN, to "join" the network (e.g. connect your mobile device, which should fall into a non-cam VLAN), then you need more than a managed switch: you need some kind of routing to allow the (wifi) VLAN into the cam VLAN. Now, some managed switches do allow (limited and underperforming) L3 routing (these are a bit more expensive), however there are tons of VLAN-capable routers (which do underperforming L2 switching). In the ideal world, you separate your routing and your (managed) switching.

Happy camming!
CC
 

mumbles76

Does it have any cloud-based features? Like SMD or Analytics+? Most alibaba.com IP addresses you hit are hitting their version of AWS. So it may just be a hosted service for one of these features.

Just my .02 on what it may be.
 

achalmersman

Yea. I have my camera vlan blocked from internet access and can see them trying to reach out all the time. I actually disabled logging for that rule but I'll re-enable it because now you've got me trying to remember where they were trying to reach.
