Stopping camera from phoning home

tigerwillow1

There's been a lot of discussion on how to block cameras from accessing the Internet. What about this one: If you set up the camera with a static IP and set the default gateway to a non-existent IP address on its subnet, won't that block it from accessing the Internet?
 

nayr

Yeah, but that'll also block your VPN from working with a TAP/Routed setup; you're better off creating firewall rules on the router to enforce network policies.

Most good routers/firewalls will let you define a group of hosts. Make a group with all the IPs of your cameras, then create a rule blocking all inbound and all outbound traffic for that group.
 

alastairstevenson

> set the default gateway to a non-existent IP address on its subnet, won't that block it from accessing the Internet?
Yes, it will, provided the camera configuration doesn't validate the address and object to it, or figure out a valid gateway for itself (malware behaviour).
 
Joined
Aug 3, 2015
Messages
3,820
Reaction score
12,272
Location
Charlotte
Many firmwares are now using built-in IP addresses for DNS resolution. If you leave the DNS server IP blank, they'll still attempt to phone home using their built-in DNS addresses. As nayr and alastairstevenson said, block the traffic at your router.
 

alastairstevenson

> Many firmwares are now using built-in IP addresses for DNS resolution. If you leave the DNS server IP blank, they'll still attempt to phone home using their built-in DNS addresses. As nayr and alastairstevenson said, block the traffic at your router
Sure - but if they can't figure a gateway, there is no way out of the subnet.
 

JoeShmo

It all depends on how good you are at networking, and your setup. If you do a static reservation in DHCP, and are also able to give a non-working gateway, then that may work. Another option, which I'm planning, is to have a separate VLAN/network for the cameras, and make the NVR (or in my case BlueIris) multihomed, so I can see my cameras remotely only via the BlueIris interface.
Ideally though, blocking at the firewall is easiest, and (usually) most straightforward.
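
Added example, not part of any post in this thread: once the router blocks and logs traffic for the camera group, the log shows what each camera still tries to reach, including DNS sent to built-in resolver addresses. The subnet, camera IPs, `CAM-BLOCK` log prefix and sample lines are constructed for illustration and assume a Linux router writing netfilter LOG-style lines (abbreviated here).

```python
import ipaddress
import re
from collections import defaultdict

# Assumed addressing for illustration (not from the thread).
CAMERA_LAN = ipaddress.ip_network("192.168.10.0/24")
CAMERAS = {ipaddress.ip_address(a) for a in ("192.168.10.21", "192.168.10.22")}

# Constructed sample lines, abbreviated netfilter LOG format.
SAMPLE_LOG = """\
kernel: CAM-BLOCK IN=br0 OUT=eth0 SRC=192.168.10.21 DST=203.0.113.53 LEN=60 PROTO=UDP SPT=40211 DPT=53
kernel: CAM-BLOCK IN=br0 OUT=eth0 SRC=192.168.10.21 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=51514 DPT=443
kernel: CAM-BLOCK IN=br0 OUT=eth0 SRC=192.168.10.21 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=51515 DPT=443
kernel: LAN IN=br0 OUT=br0 SRC=192.168.10.22 DST=192.168.10.5 LEN=60 PROTO=TCP SPT=554 DPT=50112
kernel: CAM-BLOCK IN=br0 OUT=eth0 SRC=192.168.10.40 DST=198.51.100.9 LEN=60 PROTO=TCP SPT=40000 DPT=80
kernel: CAM-BLOCK IN=br0 OUT=eth0 SRC=192.168.10.22 DST=203.0.113.123 LEN=76 PROTO=UDP SPT=123 DPT=123
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def phone_home_attempts(log_text):
    """Return {camera_ip: {(dst_ip, proto, dport): count}} for off-subnet traffic."""
    attempts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if not {"SRC", "DST", "PROTO"} <= f.keys():
            continue  # not a packet log line
        src = ipaddress.ip_address(f["SRC"])
        dst = ipaddress.ip_address(f["DST"])
        if src not in CAMERAS or dst in CAMERA_LAN:
            continue  # not a camera, or traffic that stays on the camera subnet
        attempts[f["SRC"]][(f["DST"], f["PROTO"], int(f.get("DPT", 0)))] += 1
    return {cam: dict(dsts) for cam, dsts in attempts.items()}

def hardcoded_dns(attempts):
    """Cameras that sent DNS (port 53) to a resolver outside the camera subnet."""
    return sorted(cam for cam, dsts in attempts.items()
                  if any(port == 53 for (_, _, port) in dsts))

if __name__ == "__main__":
    result = phone_home_attempts(SAMPLE_LOG)
    for cam, dsts in sorted(result.items()):
        for (dst, proto, port), n in sorted(dsts.items()):
            print(f"{cam} -> {dst} {proto}/{port} x{n}")
    print("DNS to outside resolvers:", hardcoded_dns(result))
```
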
 