Turn off P2P to Dramatically Reduce WAN Access Attempts

guykuo

Getting comfortable
Joined
Jul 7, 2018
Messages
247
Reaction score
285
Location
Sammamish, WA
I thought I had all my web services turned off in my Dahua cameras. They also live in an isolated network that doesn't allow DNS lookups. Despite those restrictions, my router kept showing the cameras attempting to contact the outside world. Stats showed thousands of camera to WAN connection attempts were being blocked by my EdgeRouterX.
Screen Shot 2020-01-21 at 3-1.37.09 PM.jpg

Turns out I failed to turn off Access Platform P2P in some of my Dahua cameras.
Dahua P2P runs even if you don't allow the cameras DNS lookups.

Disabling P2P dramatically reduced the undesired connection attempts.
 
Last edited:

c hris527

Known around here
Joined
Oct 12, 2015
Messages
1,386
Reaction score
1,014
Location
NY
Yes it does, A good reminder here to keep that stuff disabled, I have found that the newer NVR's and Cams are comming disabled by default.
 

funkybunch

Getting the hang of it
Joined
Jun 13, 2018
Messages
291
Reaction score
58
Location
TX
so how does one safely monitor their cameras when they are away from home?
 

guykuo

Getting comfortable
Joined
Jul 7, 2018
Messages
247
Reaction score
285
Location
Sammamish, WA
Safest is to VPN into your network to view the cameras. Then you proceed as though on your home network.

Second, somewhat less safe alternative, is to port forward into your recording PC's BlueIris or SecuritySpy web service.

Less safe is port forwarding to your NVR.

Completely unrecommended, horrible option is to port forward directly to your cameras.
 

funkybunch

Getting the hang of it
Joined
Jun 13, 2018
Messages
291
Reaction score
58
Location
TX
yeah i knew port forwarding was out the window, but enabling P2P is safe via VPN? blue iris is out for me, ordering an NVR whenever andy gets back.
 

funkybunch

Getting the hang of it
Joined
Jun 13, 2018
Messages
291
Reaction score
58
Location
TX
and is there a physical piece of hardware that'a vpn or firewall that is beneficial or do i just plug the camers into the nvr and then run a ethernet cable into the swtich and buy something like nordvpn or openvpn (can't think of the good one off the top of my head).
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
32,228
Reaction score
11,290
yeah i knew port forwarding was out the window, but enabling P2P is safe via VPN? blue iris is out for me, ordering an NVR whenever andy gets back.
p2p is not safe. There is no such thing as p2p via vpn, you dont understand the terms.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
32,228
Reaction score
11,290
and is there a physical piece of hardware that'a vpn or firewall that is beneficial or do i just plug the camers into the nvr and then run a ethernet cable into the swtich and buy something like nordvpn or openvpn (can't think of the good one off the top of my head).
you must read the wiki on securing your network. If you suggest nordvpn it indicates you have not.
 
Top