Turn off P2P to Dramatically Reduce WAN Access Attempts

[guykuo]

I thought I had all my web services turned off in my Dahua cameras. They also live in an isolated network that doesn't allow DNS lookups. Despite those restrictions, my router kept showing the cameras attempting to contact the outside world. Stats showed thousands of camera to WAN connection attempts were being blocked by my EdgeRouterX.


Turns out I failed to turn off Access Platform P2P in some of my Dahua cameras.
Dahua P2P runs even if you don't allow the cameras DNS lookups.

Disabling P2P dramatically reduced the undesired connection attempts.

 

[c hris527]

Yes it does, A good reminder here to keep that stuff disabled, I have found that the newer NVR's and Cams are comming disabled by default.

 

[funkybunch]

so how does one safely monitor their cameras when they are away from home?

 

[usaf_pride]

so how does one safely monitor their cameras when they are away from home?

VPN

 

[guykuo]

Safest is to VPN into your network to view the cameras. Then you proceed as though on your home network.

Second, somewhat less safe alternative, is to port forward into your recording PC's BlueIris or SecuritySpy web service.

Less safe is port forwarding to your NVR.

Completely unrecommended, horrible option is to port forward directly to your cameras.

 

[funkybunch]

yeah i knew port forwarding was out the window, but enabling P2P is safe via VPN? blue iris is out for me, ordering an NVR whenever andy gets back.

 

[funkybunch]

and is there a physical piece of hardware that'a vpn or firewall that is beneficial or do i just plug the camers into the nvr and then run a ethernet cable into the swtich and buy something like nordvpn or openvpn (can't think of the good one off the top of my head).

 

[fenderman]

yeah i knew port forwarding was out the window, but enabling P2P is safe via VPN? blue iris is out for me, ordering an NVR whenever andy gets back.

p2p is not safe. There is no such thing as p2p via vpn, you dont understand the terms.

 

[fenderman]

and is there a physical piece of hardware that'a vpn or firewall that is beneficial or do i just plug the camers into the nvr and then run a ethernet cable into the swtich and buy something like nordvpn or openvpn (can't think of the good one off the top of my head).

you must read the wiki on securing your network. If you suggest nordvpn it indicates you have not.

 

[MC1987]

and is there a physical piece of hardware that'a vpn or firewall that is beneficial or do i just plug the camers into the nvr and then run a ethernet cable into the swtich and buy something like nordvpn or openvpn (can't think of the good one off the top of my head).

Netcelero