NVR continually contacts many Dahua Websites

[Nick70068]

WTH! I installed a firewall in front of my NVR5208-8P-4KS2E, (firmware V4.002.0000000.7.R.240717) and noticed it continually tries to contact many Dahua servers, including their international servers in China and Europe.
Nowhere do I find any information, documents or warning that the NVR will be sending out information to these servers. And what is being sent, I do not know?
I find this to be very deceptive.

Not knowing what or why this is happening, I have the firewall to block all outbound traffic.

 

[bigredfish]

Thats P2P probably, contacting teh P2P servers to see if there are push messages and whatnot. . If you arent using P2P to access your NVR remotely, turn it off.

 

[bigredfish]

..my bad, those are allowed flows. P2P

 

[bigredfish]

You’ll see lots of things that make you scratch your head with that device. It’s awesome for the price. Seeing actual net flows from devices at first can be like WTF?

Don’t look at your Internet connected TV. You’ll shit your pants

 

[Nick70068]

Still, Dahua should disclose this in their documentation and state the purpose, and what data is being sent back and forth.

P2P is off, and all ports are closed. Firewalla set to block all outgoing and incoming connections except for mine.

I remember setting up a honeypott years ago that was never advertised. It was amazing how fast and how many people connected to it, only to find a webpage that said that they connected illegally to an FBI Computer and that their IP address, and geolocation was being logged.

 

[looktall]

There's all sorts of things going outbound by nvrs and cameras.
There'll be p2p stuff (even if turned off I reckon there's still a heartbeat of some sort), there'll be notification stuff, email, time server, checking for updates etc etc.

Almost all of it would be pretty harmless, but you can't know exactly what is being sent so that's something you'll have to either accept or decline (by preventing interest access).
Blocking internet access can be tricky if you want to allow certain functions but it is possible.

 

[bigredfish]

Turning off P2P showed zero activity on my NVR today for about 6 hours. I can assure you that's what it was and its harmless compared to most other items on your LAN

 

[iwanttosee]

Don't put a gateway address on the NVR.

 

[Mike A.]

Don't put a gateway address on the NVR.

Not sure about the NVRs but I've seen some Dahau (and other) cams that will try to find default gateways and try hard-coded DNS addresses (8.8.8.8, etc.) when the gateway and DNS entries are left blank or set to 0.0.0.0. Setting them to the IP of the cam itself has worked where that happens.

Best practice is to just block it completely at the firewall for all of them.

 

[oh6hfx]

It's the same also with DMSS. Once I installed the app in my phone which is connected in my home wi-fi, firewall blocked my phone because of too many sessions open. Looking at the log it connects the devices in the list via P2P and also there is connections coming from devices to the phone.
With gDMSS there was not this problem... had to make an exception in the firewall rules to let traffic trough for the phone.

 

[Carcus]

I would hate to see how much meta data is going to Google and Microsoft from my Android and Windows computers.

 

[looktall]

I would hate to see how much meta data is going to Google and Microsoft from my Android and Windows computers.

Many of the people that complain about their cameras and nvrs talking on the internet and phoning home etc are perfectly happy to use mobiles phones which do exactly the same thing.

 

[Carcus]

Many of the people that complain about their cameras and nvrs talking on the internet and phoning home etc are perfectly happy to use mobiles phones which do exactly the same thing.

My point exactly...

 

[looktall]

Turning off P2P showed zero activity on my NVR today for about 6 hours. I can assure you that's what it was and its harmless compared to most other items on your LAN

I had to reset a camera today that was giving me some trouble.
After the reset it suddenly started flooding my logs with block notices.
I had forgotten to turn off auto update. So I turned that off but it was still flooding the logs.
I had to dig through the settings to find another setting I had forgotten to turn off.... TR069.
Now I'm not sure how common it is for cameras to have that function (it's pretty common in routers) but none of my other cameras have it, at least none of them have it visible in the settings.
I would put money on the majority of cameraa having it hard coded and hidden.

 

[bigredfish]

I had to reset a camera today that was giving me some trouble.
After the reset it suddenly started flooding my logs with block notices.
I had forgotten to turn off auto update. So I turned that off but it was still flooding the logs.
I had to dig through the settings to find another setting I had forgotten to turn off.... TR069.
Now I'm not sure how common it is for cameras to have that function (it's pretty common in routers) but none of my other cameras have it, at least none of them have it visible in the settings.
I would put money on the majority of cameraa having it hard coded and hidden.

Where did you find that setting?

 

[bigredfish]

I'm wondering how those of you who want to put your NVR deal with the same issues with your PC?

If you want to use P2P it has to communicate with P2P servers, if you want it to send mail you have to allow it to talk to your mail server, etc..

I understand being smart about it, but is their some magic that PC/BI has that allows it to communicate with external sources without,... communicating with outside services?

I think like I mentioned, most people who've never seen a firewall interface with IDS/IPS with traffic flows will be amazed how much communication various devices have with the outside world.

 

[Carcus]

I'm wondering how those of you who want to put your NVR deal with the same issues with your PC?

If you want to use P2P it has to communicate with P2P servers, if you want it to send mail you have to allow it to talk to your mail server, etc..

I understand being smart about it, but is their some magic that PC/BI has that allows it to communicate with external sources without,... communicating with outside services?

BI guys use VPN.

But email and notifications would have to go out to the internet through third party servers.

Email you could host yourself I guess but notifications would go through apple and google notification servers.

 

[bigredfish]

I use VPN sometimes also. Sometimes I use P2P.
OpenVPN uses a dedicated open port

 

[bigredfish]

Since 2014, I've made it a habit, and tell every noob here on initial startup to DISABLE Auto Updates (you do that on your PC's too right and DISABLE P2P
These are the first two things asked when you initialize a camera.

 

[looktall]

Where did you find that setting?

It's in a shitty grandstream camera I have.
It wasn't hidden. It was just in the network settings like you might find for email or something in any other camera.