Suspicious data traffic

[Roye]

I recently upgraded my network and among other things I replaced the old router with UDM Pro which allows me to manage my network better and also provides me with efficient information about data traffic in my network.

One of my Dahua cameras most of the time uploads content to the web, even though I made sure there was no remote viewing from my side. (Screenshot attached)

The rest of the cameras have no traffic, the traffic is only on the computer on which BlueIris is installed.

Can anyone explain what exactly is going on?

Thanks : )

 

[wittaj]

Is the camera on your internet IP or is it completely isolated via VLAN or dual NIC?

In any event it looks like you need to relook at that setup and make sure P2P hasn't been turned on or something.

 

[prsmith777]

I've just started this hobby and I think I've followed the guidelines in the wiki correctly.

I have 2 dahua 5442 cams on their own VLAN with dual NIC to Blue Iris.

My Unifi shows 0 Mps up and 0 Mps down for those cameras.

After I set up my firewall rules for the VLAN, I tested with a laptop and couldn't hit the internet or the LAN from the VLAN so I know it was set up right.

 

[Roye]

Is the camera on your internet IP or is it completely isolated via VLAN or dual NIC?

In any event it looks like you need to relook at that setup and make sure P2P hasn't been turned on or something.

It still not Isolated. I think I should need to buy dual NIC.
I can't find P2P option under network settings.

 

[SpacemanSpiff]

Need more details. Your screen shot merely shows the camera is TX (transmitting) at 7.35Mbps. Is the chart you cited merely an overall view of your devices and their RX/TX stats?
Look for a report that shows LAN to WAN details. Based on my experiences with this specific detail, you should see the source device IP on the LAN, a destination IP on the WAN (internet) the traffic is destined for, and "action" column that shows whether the respective packets were allowed or denied.

 

[Roye]

I've just started this hobby and I think I've followed the guidelines in the wiki correctly.

Thanks for the link.
This is my next task ، Securing the network and separating the cameras on a vlan.

 

[wittaj]

Yep, if they are not isolated from the internet, then it is totally possible one is accessing it.

Dual NIC is the cheapest and quickest way to isolate.

 

[SpacemanSpiff]

An immediate stopgap measure you can implement now, while you work towards buying a second NIC on the BI server:
Create rules on your router now, that will block any traffic from the IP addresses of the cameras to the WAN (internet).

 

[alastairstevenson]

I replaced the old router with UDM Pro which allows me to manage my network better and also provides me with efficient information about data traffic in my network.

Do you have the camera connected to a LAN port on the UDM Pro?
If so - is your screenshot showing the camera LAN traffic that's being pulled by BI as opposed to traffic heading out to the internet?

It's generally best practice to avoid sending camera video traffic through the LAN router, on some devices it can have a big impact on their ability to perform the routing task.

 

[JNDATHP]

The traffic you are seeing is to/from switch from/to camera, not the web.

This my WAN Out rule.

 

[Roye]

In the meantime, I unplugged the camera until I set up a proper VLAN. Thank you all!

 

[alastairstevenson]

In the meantime, I unplugged the camera until I set up a proper VLAN

It will do no harm leaving it active until you change the network topology, these are gigabit ports.