There's been a lot of discussion on how to block cameras from accessing the Internet. What about this one: If you set up the camera with a static IP and set the default gateway to a non-existent IP address on its subnet, won't that block it from accessing the Internet?
Stopping camera from phoning home
- Thread starter tigerwillow1
- Start date
nayr
IPCT Contributor
yeah but tha'll also block your VPN from working with a TAP/Routed setup; your better off creating firewall rules on the router to enforce network policies.
Most good routers/firewalls will let you define a group of hosts, make a group with all the IP's of your cameras, then create a rule blocking all inbound and all outbound traffic for that group.
Most good routers/firewalls will let you define a group of hosts, make a group with all the IP's of your cameras, then create a rule blocking all inbound and all outbound traffic for that group.
alastairstevenson
Staff member
Yes, it will, provided the camera configuration doesn't validate the address and object to it, or figure out a valid gateway for itself (malware behaviour).
Many firmwares are now using built-in IP addresses for DNS resolution. If you leave the DNS server IP blank, they'll still attempt to phone home using their built-in DNS addresses. As nayr and alastairstevenson said, block the traffic at your router.
alastairstevenson
Staff member
It all depends on how good you are at networking, and your setup. If you do a static reservation in DHCP, and are also able to give a non-working gateway, then that may work. Another option, which I'm planning is have a separate VLAN/network for the cameras, and make the NVR (or in my case BlueIris) multihomed, so I can see my cameras remotely only via the blueiris interface.
Ideally though, blocking at the firewall is easiest, and (usually) most straight forward.
Ideally though, blocking at the firewall is easiest, and (usually) most straight forward.