I have a very similar problem with four Amcrest cameras.
I have two IP2M-841 cameras and two ASH21-W cameras.
On September 3rd I get a phone call from my ISP telling me I have multiple devices creating an extreme amount of DNS queries to ip.3322.net, a widely recognized BOTNET command & control callback URL. I began to investigate which of my devices is possibly infected with botnet malware. None of my PC's, tablets, or phones were infected. Next day the ISP calls again and says the traffic has quadrupled. The DNS requests have now gone from 110,000/day to 450,000/day. They advised me to solve the problem within the next 24 hours or be disconnected permanently.
I spent roughly 90 minutes talking to their upper level tech support and they finally were able to capture the MAC of four devices making the requests. Two devices beginning with 00-1F-54 (IP2M-841's) and two others using 9C:8E:CD (ASH21W's). I pulled the power plug on all four cameras and all the traffic to ip.3322.net stopped completely.
I installed the latest firmware for both models, but it would appear the Amcrest firmware is actually making these requests. WHY?? Any ideas how to stop these cameras making this outrageous amount of outbound connections to unsolicited third parties? Until someone can provide me with an answer it appears I have four Amcrest cameras that I cannot use.
IP Cam DNS Query Overload
Re: IP Cam DNS Query Overload
@HikwQedxw Hello and Welcome to the Forum
Sadly I am not sure why your cameras are make such Requests... I also have not heard of any of Amcrest Cameras starting with 00-1F-54 Mac address.. Oddly enough it is a Lorex Mac address and I am guessing that what ever year your 841's are from they must have ran out of the Amcrest Networking chip and used Lorex ones seeing they are manufactured in same plant. I have many 841's some with Dahua Mac addresses from 2015 and all the others are Amcrest Mac from 16 to the last one I got in 2019..
I am not sure when you bought your cameras and if it was from Amcrest Direct line of sales or if it was Used from a unknown source sadly when it comes to cameras like this I have a few from 2013 and 2014 I don't trust so I have their access to my Internet turned off.. While they are on my Network and I have access to them over my Switch my Router doesn't let any of them access in or out going internet.. That might be something you could do so you can still use your cameras but not have the traffic form your ISP
Buying used cameras can be hard because at times people can do things to your camera or device like add their own backdoor into your world when you think you are safe..
Sadly I am not sure why your cameras are make such Requests... I also have not heard of any of Amcrest Cameras starting with 00-1F-54 Mac address.. Oddly enough it is a Lorex Mac address and I am guessing that what ever year your 841's are from they must have ran out of the Amcrest Networking chip and used Lorex ones seeing they are manufactured in same plant. I have many 841's some with Dahua Mac addresses from 2015 and all the others are Amcrest Mac from 16 to the last one I got in 2019..
I am not sure when you bought your cameras and if it was from Amcrest Direct line of sales or if it was Used from a unknown source sadly when it comes to cameras like this I have a few from 2013 and 2014 I don't trust so I have their access to my Internet turned off.. While they are on my Network and I have access to them over my Switch my Router doesn't let any of them access in or out going internet.. That might be something you could do so you can still use your cameras but not have the traffic form your ISP
Buying used cameras can be hard because at times people can do things to your camera or device like add their own backdoor into your world when you think you are safe..
Be Safe.