I've discovered that the Amcrest cameras are accessing the internet w/o my consent. My firewall logs indicate they are trying to connect to; 54.84.228.44, 34.201.172.195, 34.238.41.119, 54.205.158.199. I cannot find any reason for this in the documentation. There is no "auto update" feature, so I know that they are not trying to update firmware. I have my own servers at home (my own secure cloud) that manage my security system, so I am not using any of the Amcrest "cloud" features (all disabled). So, what are these cameras trying to do?
In the past 24 hours, my firewall has stopped over 4MB of packets from the cameras trying to access these IPs.
Quite disturbing considering the issues with IOT devices leaking information to the net.
Cameras accessing internet w/o permission
Re: Cameras accessing internet w/o permission
I found after I explicitly blocked those IP's in and out, the cameras then tried to connect to a few other IP's. The list I have blocked now is:
34.201.172.195
34.238.41.119
54.205.159.199
52.55.110.246
54.209.127.50
34.227.6.54
I'll come back and update the list if I find any others.
34.201.172.195
34.238.41.119
54.205.159.199
52.55.110.246
54.209.127.50
34.227.6.54
I'll come back and update the list if I find any others.
Re: Cameras accessing internet w/o permission
Are you sure it's your cameras doing that? Those addresses all come back as registered to Amazon.com.
Mike
Mike
Re: Cameras accessing internet w/o permission
I'm very sure. My cameras are statically assigned and the connections originated from those IP addresses.
Re: Cameras accessing internet w/o permission
it gets worse.. while i figured the connections to AWS were for upgrades; i setup an ACL to block my camera subnet (i have 9 amcrest cams) from connecting to the WAN at all, and 4 of the cameras simply stop functioning at all until I allow WAN access again.
@Amcrest give us the option to ignore your updates (which typically break the cameras... when was the last time anyone could rename a camera using the latest firmwares...) And if you lack the skill to code in a button we can uncheck to stop looking for updates, how about not bricking our devices when we block WAN access.
I have many regrets... buying amcrest is one of them.
@Amcrest give us the option to ignore your updates (which typically break the cameras... when was the last time anyone could rename a camera using the latest firmwares...) And if you lack the skill to code in a button we can uncheck to stop looking for updates, how about not bricking our devices when we block WAN access.
I have many regrets... buying amcrest is one of them.
Re: Cameras accessing internet w/o permission
I've notice my camera keeps trying to connect to: 54.209.127.50
multiple times in a row...
So even in 2018 this issue hasn't been resolved yet.
------------
camera ip* 54.209.127.50 8815
camera ip* 54.209.127.50 8814
camera ip* 54.209.127.50 8813
camera ip* 54.209.127.50 8812
camera ip* 54.209.127.50 8811
camera ip* 54.209.127.50 8810
------------
WHOIS:
NetRange: 54.208.0.0 - 54.221.255.255
CIDR: 54.216.0.0/14, 54.220.0.0/15, 54.208.0.0/13
NetName: AMAZON-2011L
NetHandle: NET-54-208-0-0-1
Parent: NET54 (NET-54-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS16509
Organization: Amazon Technologies Inc. (AT-88-Z)
RegDate: 2013-02-19
Updated: 2013-02-19
Ref: https://whois.arin.net/rest/net/NET-54-208-0-0-1
OrgName: Amazon Technologies Inc.
OrgId: AT-88-Z
Address: 410 Terry Ave N.
City: Seattle
StateProv: WA
PostalCode: 98109
Country: US
RegDate: 2011-12-08
Updated: 2017-01-28
multiple times in a row...
So even in 2018 this issue hasn't been resolved yet.
------------
camera ip* 54.209.127.50 8815
camera ip* 54.209.127.50 8814
camera ip* 54.209.127.50 8813
camera ip* 54.209.127.50 8812
camera ip* 54.209.127.50 8811
camera ip* 54.209.127.50 8810
------------
WHOIS:
NetRange: 54.208.0.0 - 54.221.255.255
CIDR: 54.216.0.0/14, 54.220.0.0/15, 54.208.0.0/13
NetName: AMAZON-2011L
NetHandle: NET-54-208-0-0-1
Parent: NET54 (NET-54-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS16509
Organization: Amazon Technologies Inc. (AT-88-Z)
RegDate: 2013-02-19
Updated: 2013-02-19
Ref: https://whois.arin.net/rest/net/NET-54-208-0-0-1
OrgName: Amazon Technologies Inc.
OrgId: AT-88-Z
Address: 410 Terry Ave N.
City: Seattle
StateProv: WA
PostalCode: 98109
Country: US
RegDate: 2011-12-08
Updated: 2017-01-28
-
aadhoc4305
- Posts: 1
- Joined: Sat Mar 21, 2020 9:30 pm
Re: Cameras accessing internet w/o permission
I'm seeing my IP8M-2496E cameras connecting to same ports.
I am not using any cloud service.
Would be nice to know if/how this traffic can be prevented.
54.209.127.50 on ports 8810-8815
54.205.158.199 on port 8802
35.162.149.236 on port 15301
52.35.182.58 on port 15301
54.84.228.44 on port 80 (update service according to other post)
(I bought my cameras in Jan-2020, and updated their firmware)
I am not using any cloud service.
Would be nice to know if/how this traffic can be prevented.
54.209.127.50 on ports 8810-8815
54.205.158.199 on port 8802
35.162.149.236 on port 15301
52.35.182.58 on port 15301
54.84.228.44 on port 80 (update service according to other post)
(I bought my cameras in Jan-2020, and updated their firmware)
Re: Cameras accessing internet w/o permission
@aadhoc4305 Hello and Welcome to the Forum
SO if you have only 1 camera I would try this an see if the ports are still trying to access.... if you have more then you will need to do it to all your cameras...
Seeing you said you don't have any Cloud service and that is what Amazon would be used for... I would also guess that it might be the sever for P2P as well. I am not sure but this is just a Guess...
So what I would do if you want to check if that is the issue... Log into your camera WebUi over IE or Chrome however you normally access your UI.. Then go to setup and then under Network look for something that says P2P it is in different areas in a couple of my cameras so I can't say for sure where it would be in your 4K camera... However I am sure it is under Network.. Could be under TCP/IP and or might be just in the Network tab as I have them in both places in 2 different model cameras.... ONce you get there... Turn off P2P service and see if the Amazon access goes away... It might need to rest a few minutes after you make the change before the servers stop asking your camera if it is still there...
If that is it... Then you need to understand that you have turned off the Ability to see your camera on your Amcrest App when your away from home.. IF you need to have access to your camera while away from home you will need to now setup a DDNS and port forwarding... While this is something that isn't in the scope of normal camera forum you might want to find a Networking forum if you don't know how to setup Port Forwarding or there might be some Videos on the matter from Amcrest however I am not sure.. I don't have a 4k camera and while I am sure it might be the same type setup of others it might not be as easy to access as older model cameras.... Menus and sub trees have changed so it might not be to easy to follow but will give you the basic idea... To Be Honest... I would test and if all the port talking goes away with turning off P2P I would turn it back on and just understand that it is the easiest way for you to contact your camera while away form home.... Why more then 1 IP... Well because there are P2P servers that are looking for your app to ask for service.. .If you only had 1 server setup to wait for your PING it might be delayed or even lost with all the other Traffic of others that might want the same service for their camera.....
SO if you have only 1 camera I would try this an see if the ports are still trying to access.... if you have more then you will need to do it to all your cameras...
Seeing you said you don't have any Cloud service and that is what Amazon would be used for... I would also guess that it might be the sever for P2P as well. I am not sure but this is just a Guess...
So what I would do if you want to check if that is the issue... Log into your camera WebUi over IE or Chrome however you normally access your UI.. Then go to setup and then under Network look for something that says P2P it is in different areas in a couple of my cameras so I can't say for sure where it would be in your 4K camera... However I am sure it is under Network.. Could be under TCP/IP and or might be just in the Network tab as I have them in both places in 2 different model cameras.... ONce you get there... Turn off P2P service and see if the Amazon access goes away... It might need to rest a few minutes after you make the change before the servers stop asking your camera if it is still there...
If that is it... Then you need to understand that you have turned off the Ability to see your camera on your Amcrest App when your away from home.. IF you need to have access to your camera while away from home you will need to now setup a DDNS and port forwarding... While this is something that isn't in the scope of normal camera forum you might want to find a Networking forum if you don't know how to setup Port Forwarding or there might be some Videos on the matter from Amcrest however I am not sure.. I don't have a 4k camera and while I am sure it might be the same type setup of others it might not be as easy to access as older model cameras.... Menus and sub trees have changed so it might not be to easy to follow but will give you the basic idea... To Be Honest... I would test and if all the port talking goes away with turning off P2P I would turn it back on and just understand that it is the easiest way for you to contact your camera while away form home.... Why more then 1 IP... Well because there are P2P servers that are looking for your app to ask for service.. .If you only had 1 server setup to wait for your PING it might be delayed or even lost with all the other Traffic of others that might want the same service for their camera.....
Be Safe.