IPM-721S attempting connections to Amazon servers?
Re: IPM-721S attempting connections to Amazon servers?
Thanks for that information. I also hate hate hate when cameras talk to outside servers by default but I do understand why Amcrest does it. I too noticed the traffic but disabling P2P fixed it. Definitely beware of some cheap cameras that send video to who knows where. Thanks again!
-
- Posts: 22
- Joined: Wed Jan 11, 2017 12:32 am
Re: IPM-721S attempting connections to Amazon servers?
Disabling P2P has no effect for me.
Source IP    Destination_IP  Status       _time                Destination Port  count  Protocol
192.168.1.6  52.90.88.253    ESTABLISHED  2017-04-20 13:12:00  443               1      tcp
192.168.1.6  54.162.224.230  ESTABLISHED  2017-04-20 13:12:00  443               1      tcp
192.168.1.7  107.23.233.106  ESTABLISHED  2017-04-20 13:12:00  443               1      tcp
192.168.1.8  52.91.65.92     ESTABLISHED  2017-04-20 13:12:00  443               1      tcp
192.168.1.6  52.90.88.253    ESTABLISHED  2017-04-20 13:11:00  443               1      tcp
192.168.1.6  54.162.224.230  ESTABLISHED  2017-04-20 13:11:00  443               1      tcp
192.168.1.7  107.23.233.106  ESTABLISHED  2017-04-20 13:11:00  443               1      tcp
192.168.1.8  52.91.65.92     ESTABLISHED  2017-04-20 13:11:00  443               1      tcp
192.168.1.6  52.90.88.253    ESTABLISHED  2017-04-20 13:10:00  443               1      tcp
192.168.1.6  54.162.224.230  ESTABLISHED  2017-04-20 13:10:00  443               1      tcp
192.168.1.7  107.23.233.106  ESTABLISHED  2017-04-20 13:10:00  443               1      tcp
192.168.1.8  52.91.65.92     ESTABLISHED  2017-04-20 13:10:00  443               1      tcp
192.168.1.6  52.90.88.253    ESTABLISHED  2017-04-20 13:09:02  443               1      tcp
192.168.1.6  54.162.224.230  ESTABLISHED  2017-04-20 13:09:02  443               1      tcp
192.168.1.7  107.23.233.106  ESTABLISHED  2017-04-20 13:09:02  443               1      tcp
192.168.1.8  52.91.65.92     ESTABLISHED  2017-04-20 13:09:02  443               1      tcp
Jono F. (Amcrest)
Apr 20, 2:16 PM CST
Sadly you cannot stop these connections; you can only decrease them by just adding the camera to a free Amcrest Cloud Plan.
Thank you & have a great day.
Kind Regards,
Jono Fletcher
Help Desk Specialist
Monday - Friday 9:30AM - 5:30PM CST
-
- Posts: 1
- Joined: Wed Sep 13, 2017 9:55 am
Re: IPM-721S attempting connections to Amazon servers?
I see traffic to ports 80, 8800 and 12366. I just have a rule on my FW blocking any traffic from the cameras to the internet, period. The only way to access them is via a locked down server.
It was interesting to see the vulnerability on the FOSCAM (hardcoded users), which can potentially allow a hacker to get a live feed... well, fortunately, that didn't affect me because of my internal rules!

-
- Posts: 2
- Joined: Thu Aug 11, 2022 12:30 pm
Re: IPM-721S attempting connections to Amazon servers?
AMCREST Appreciation
I have several AMCREST cameras and they are my favorite for my applications. Although I agree with the concept of auto update, it assumes the need for frequent updates and all users want automatic updates. I found that AMCREST rarely (if ever) updates firmware on many of their products. Considering their software is largely excellent out of the box from a functionality point of view and the need to focus their efforts on new products due to the high rate of technology change, this is understandable and acceptable. But, this is just another indication of how most IOT devices are managed and should remain untrusted for internet access and isolated from non-IOT devices.
Recommendation for AMCREST going forward
The recommended solution for AMCREST is to focus on ensuring the user has control of the options. The optimal solution is to create an option for auto-update vs. manual update with the default set to auto-update. This solves two problems. It ensures novice users are managed appropriately while allowing more advanced users and security engineers to select the non-default value of a manual update.
Work Around for Advanced Users and Security Engineers
Allow the AMCREST cameras to only access the local isolated and non-trusted IOT networks (rule #1) followed by deny camera access to everything else (rule #2).
For Remote Access
Use a remote VPN (do not allow inbound WEB traffic).
WireGuard
The best remote VPN today is WireGuard (Free Open Source Software). The best once was OpenVPN. But, OpenVPN failed a code review because it is considered a kitchen sink VPN with too many options. WireGuard is a re-write based on OpenVPN, has been reviewed successfully and is much easier to use.
Regards.
Over Qualified Security Engineer
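The two-rule workaround from the post above (allow IoT-local, then deny everything else), evaluated against connection rows in the format posted earlier in this thread, to show which camera flows rule #2 would cut. This is an added example, not part of any post; the 192.168.1.0/24 IoT segment and the 192.168.1.20 recorder row are assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: IoT segment inferred from the camera IPs posted in the thread.
IOT_NET = ipaddress.ip_network("192.168.1.0/24")

# Ordered policy, first match wins: rule #1 allow IoT-local, rule #2 deny rest.
POLICY = [
    ("rule1-allow-iot-local", IOT_NET, "allow"),
    ("rule2-deny-everything-else", ipaddress.ip_network("0.0.0.0/0"), "deny"),
]

# Rows as posted in the thread; the last row is constructed (local recorder).
SAMPLE = """\
192.168.1.6 52.90.88.253 ESTABLISHED 2017-04-20 13:12:00 443 1 tcp
192.168.1.6 54.162.224.230 ESTABLISHED 2017-04-20 13:12:00 443 1 tcp
192.168.1.7 107.23.233.106 ESTABLISHED 2017-04-20 13:12:00 443 1 tcp
192.168.1.8 52.91.65.92 ESTABLISHED 2017-04-20 13:12:00 443 1 tcp
192.168.1.6 52.90.88.253 ESTABLISHED 2017-04-20 13:11:00 443 1 tcp
192.168.1.7 192.168.1.20 ESTABLISHED 2017-04-20 13:11:00 554 1 tcp
"""

def parse(line):
    """Split one row into (src, dst, port, proto); reject malformed rows."""
    parts = line.split()
    if len(parts) != 8:
        raise ValueError(f"expected 8 fields, got {len(parts)}: {line!r}")
    src, dst, _status, _date, _time, port, _count, proto = parts
    return ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port), proto

def verdict(dst):
    """Return (rule_name, action) of the first policy entry matching dst."""
    for name, net, action in POLICY:
        if dst in net:
            return name, action
    return "implicit-deny", "deny"

def audit(text):
    """Map each camera to the destinations rule #2 would block."""
    blocked = defaultdict(set)
    for line in filter(str.strip, text.splitlines()):
        src, dst, port, proto = parse(line)
        if src in IOT_NET and verdict(dst)[1] == "deny":
            blocked[str(src)].add((str(dst), port, proto))
    return dict(blocked)

if __name__ == "__main__":
    for cam, dests in sorted(audit(SAMPLE).items()):
        print(cam, sorted(dests))
```

Running the audit on an export of current connections before enabling the deny rule shows which destinations each camera will lose.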