Set IP Cams to 0.0.0.0. Default Gateway & NVR Too ??? I want to prevent internet access for cams & NVR

[asalarml13]

Hello...
Nub here... I'm hoping to learn a lot from all the smart folks online : )
My home network has overwatch from a 3rd party surveillance vendor, and I'm migrating away toward oversight of my own network and researching routers, etc.
My question is... what can I do to ensure my IP cameras DO NOT access the internet and the NVR like wise does not access the internet?...the vendor can use OVRC to view/control the components.
If I set the default gateway for all IP Cams to 0.0.0.0 and the NVRs default gateway to 0.0.0.0 will that do the trick? I'm 100% satisfied with viewing all on my LAN . Once I achieve this, I'll procure the IT hardware for my own router, switch, etc. away from OVRC enabled equipment.
Thank you everyone !!

 

[sebastiantombs]

I set the default gateway to xxx.xxx.xxx.254 where the "x" are the regular IP address scheme for my network. The 254 is an un-routable address and prevents internet communication. Additionally I bloc things at the router by MAC address to further insure no outside contact. I do the same thing with DNS for devices that I don't want communicating on the internet, last octet of 254.

 

[Gargoile]

Could you not use 127.0.0.1

 

[Mike A.]

I'm never sure how to respond to these. Do you want the simple answer or the more scary stuff? ; )

The simple answer is, yes, to some degree at least it will help stop outgoing traffic originating from the cams.

Not necessarily though. There could be some assumed gateways in the firmware that it tries when it doesn't find a valid entry. I've seen similar behavior with a Dahua 5442 camera when using 0.0.0.0 as a DNS address. It then attempts to find Google's DNS using hard-coded addresses. Using the cam's IP or alternate nonworking address and it behaves properly. (See Interesting... Dahua T5442T-ZE with blank DNS settings still attempts to find Google DNS servers) Though I've not seen, it could very easily do the same for a hard-coded list of common gateways at 192.168.0.1, 192.168.1.1, etc. Potentially at least devices also can search for neighboring addresses to use as a gateway. I've also seen other cams of mine that will attempt to open ports via UPnP and make connections via P2P ignoring disabled settings for those functions in the cam. I recall at least one other detailed post here where someone showed more aggressive behaviors to try to get around a MAC block get out but can't find it quickly now. You'd have to watch the traffic in a sniffer like Wireshark or similar to see what it actually does. Also, if the vendor has outside control over the devices at least potentially it doesn't necessarily need the cam/NVR to initiate a connection through the gateway.

Bottom line, it should help assuming that everyone plays nicely but you shouldn't rely on that. You really need a better way to block traffic to/from the device independent of it at the network level (firewall/router). You must have some sort of router in place if they can get to it. Do you not have any access to it?

 

[asalarml13]

I set the default gateway to xxx.xxx.xxx.254 where the "x" are the regular IP address scheme for my network. The 254 is an un-routable address and prevents internet communication. Additionally I bloc things at the router by MAC address to further insure no outside contact. I do the same thing with DNS for devices that I don't want communicating on the internet, last octet of 254.

Thank you....if I set all at 192.xxx.1.254 ( all Cams & NVR) will that pose a problem?
TY for the reply : )

 

[SpacemanSpiff]

Thank you....if I set all at 192.xxx.1.254 ( all Cams & NVR) will that pose a problem?
TY for the reply : )

A question for you in response to your question noted above. Are any of your existing security camera equipment cloud based?
Some products will stop working if they cannot phone home. This is a great time for you to determine if this applies to your equipment, and consider replacing it with items that do not require an active Internet connection to function.

Edit: Otherwise... setting your gateway to the 192.x.1.254 should work

 

[asalarml13]

A question for you in response to your question noted above. Are any of your existing security camera equipment cloud based?
Some products will stop working if they cannot phone home. This is a great time for you to determine if this applies to your equipment, and consider replacing it with items that do not require an active Internet connection to function.

Thanks everyone for the responses.
I do have access to the router but all actions I take once I log in to it, they are notified. Same logic with all equipment…router, switch, WAPs, cams and NVR. The NVR is housed within my home with recordings being stored locally on the NVR.
When the system was initially installed I was not living in the area. Only recently did I realize that they have essential control over everything. Once I can get the cams and NVR to operate on the LAN only I’ll remove their equipment (i did buy the equipment) and install my own and then pursue other safeguards. I just want to get it LAN operable then make the switch.
thank you everyone for your support…

 

[SpacemanSpiff]

...
I do have access to the router but all actions I take once I log in to it, they are notified. Same logic with all equipment…router, switch, WAPs, cams and NVR. The NVR is housed within my home with recordings being stored locally on the NVR.
...

Is this a security company with this access, or is it the local telcomm/cable company with seemingly full access inside the LAN?

Afterthought on the 'anything cloud based' question earlier. Disconnect your modem from you ISP's cable into the house for 5-10 minutes and see if anything stops functioning (besides the 'the internet') This will help determine if anything is cloud dependent.

 

[asalarml13]

Is this a security company with this access, or is it the local telcomm/cable company with seemingly full access inside the LAN?

Afterthought on the 'anything cloud based' question earlier. Disconnect your modem from you ISP's cable into the house for 5-10 minutes and see if anything stops functioning (besides the 'the internet') This will help determine if anything is cloud dependent.

Thank you for the reply. The security firm has access. When we lose internet in the area, the NVR access app goes blank until the internet service returns. Thank you for your reply

 

[Mike A.]

Doesn't necessarily mean that it won't work locally. They may have just set up your access via the app through P2P or similar.

Seems you know the IPs for the NVR/cams if you're looking to change the gateways. You can you access the NVR/cam's display/controls directly in a browser?

The security firm has access to what? Only the cam system? A more detailed description of how things are set up would be helpful.

Most likely though if it's a typical NVR and cams it can be run locally. Not using their app but other ways and you can set up your own mobile access later.

 

[asalarml13]

Doesn't necessarily mean that it won't work locally. They may have just set up your access via the app through P2P or similar.

Seems you know the IPs for the NVR/cams if you're looking to change the gateways. You can you access the NVR/cam's display/controls directly in a browser?

The security firm has access to what? Only the cam system? A more detailed description of how things are set up would be helpful.

Most likely though if it's a typical NVR and cams it can be run locally. Not using their app but other ways and you can set up your own mobile access later.

Thank you
I can access the NVR and cams. The system is configured from ISP entry point through to all WAP devices that they have oversight. Thank you everyone for your help

 

[SpacemanSpiff]

Much to @Mike A.'s point, you could try typing the IP address of the NVR into a web browser and (hopefully) login.

Or consider attaching a monitor directly to the NVR, then break the Internet connection.

 

[SpacemanSpiff]

Thank you
I can access the NVR and cams. The system is configured from ISP entry point through to all WAP devices that they have oversight. Thank you everyone for your help

Smart choice to phase out OvrC from access & involvement. As well as installing your own hardware during the process. Who knows what back doors they have in the hardware they sell.

 

[asalarml13]

Much to @Mike A.'s point, you could try typing the IP address of the NVR into a web browser and (hopefully) login.

Or consider attaching a monitor directly to the NVR, then break the Internet connection.

Great, thank you
I truly appreciate everyone’s replies, networking is new to me and I really value everyone’s opinion. This forum is very educational, and also reinforces how much I have to learn
: )