Constant External IP Requests
Re: Constant External IP Requests
It's buggy firmware. From what i'm been led to believe, calling home should only last 2 hours after you plug it in if you don't use the cloud service. In my case, it did this for weeks and weeks. Then one day, it did stop but if you ever lost power or need to unplug the camera for any reason, it will come back after you plug it in. Yes, it doesn't take up much bandwith but, we, the users, should be able to have the option of turning off the call home function.
Re: Constant External IP Requests
I have 10 cameras and no activity on port 443 from them.
-
- Posts: 17
- Joined: Mon Mar 06, 2017 3:29 am
Re: Constant External IP Requests
The simplest solution is set the camera's gateway address to something other than your real gateway. If you need external access you want log into a secure NVR, not individual cameras. No IoT device should have access to the Internet on its own.
Re: Constant External IP Requests
It more of an annoyance than anything. My other cameras don't constantly call home. Unless this issue is addressed, I doubt my next camera will be an Amcrest.
Also, from reading a lot of these forum posts, it appears Amcrest won't care if they lose a few customers.
Also, from reading a lot of these forum posts, it appears Amcrest won't care if they lose a few customers.
-
- Posts: 18
- Joined: Thu Jul 07, 2016 5:10 pm
Re: Constant External IP Requests
I have a significant investment in Amcrest cameras. Fortunately, I had the foresight to install all mine on a blind network with no Internet access. But its not reasonable to have this question unanswered for YEARS. Amcrest should at least tell us they are working on it or something. I think my next step will be to make sure that the Internet of Things people at the FTC are aware of this thread and Amcrest's unwillingness to respond to its customer's concerns.
Your average homeowner is a non-techie who doesnt understand the implications of this whole design.
Your average homeowner is a non-techie who doesnt understand the implications of this whole design.
Re: Constant External IP Requests
Did some more digging and found requests to some amazon sites and clock sites. I just set up firewall rules to block those requests to amazon. I left the clock ones as that's what syncs the date and time. I have an Untangle UTM so it's a little more advanced but you should be able to block sites in the firewall section of your router.
Re: Constant External IP Requests
I run pfSense and pi-hole but that's not the point to block the sites when the camera should not be calling home all the time if not needed. Either fix the firmware so it does shut off after x amount of time or give the option for the end user to shut it off. I have 1 Amcrest camera and it is, by far, the noisiest thing on my network.t84a wrote:Did some more digging and found requests to some amazon sites and clock sites. I just set up firewall rules to block those requests to amazon. I left the clock ones as that's what syncs the date and time. I have an Untangle UTM so it's a little more advanced but you should be able to block sites in the firewall section of your router.
FYI, i have both these sites blocked:
dh.amcrestsecurity.com
config.amcrestcloud.com
If i need to update the firmware, i'll do it manually but i doubt they are even working on new firmware. I especially don't want it updated without my consent like here:
https://amcrest.com/forum/general-discu ... t1506.html
Re: Constant External IP Requests
I've notice my camera keeps trying to connect to: 54.209.127.50
multiple times in a row...
So even in 2018 this issue hasn't been resolved yet.
------------
camera ip* 54.209.127.50 8815
camera ip* 54.209.127.50 8814
camera ip* 54.209.127.50 8813
camera ip* 54.209.127.50 8812
camera ip* 54.209.127.50 8811
camera ip* 54.209.127.50 8810
------------
WHOIS:
NetRange: 54.208.0.0 - 54.221.255.255
CIDR: 54.216.0.0/14, 54.220.0.0/15, 54.208.0.0/13
NetName: AMAZON-2011L
NetHandle: NET-54-208-0-0-1
Parent: NET54 (NET-54-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS16509
Organization: Amazon Technologies Inc. (AT-88-Z)
RegDate: 2013-02-19
Updated: 2013-02-19
Ref: https://whois.arin.net/rest/net/NET-54-208-0-0-1
OrgName: Amazon Technologies Inc.
OrgId: AT-88-Z
Address: 410 Terry Ave N.
City: Seattle
StateProv: WA
PostalCode: 98109
Country: US
RegDate: 2011-12-08
Updated: 2017-01-28
multiple times in a row...
So even in 2018 this issue hasn't been resolved yet.
------------
camera ip* 54.209.127.50 8815
camera ip* 54.209.127.50 8814
camera ip* 54.209.127.50 8813
camera ip* 54.209.127.50 8812
camera ip* 54.209.127.50 8811
camera ip* 54.209.127.50 8810
------------
WHOIS:
NetRange: 54.208.0.0 - 54.221.255.255
CIDR: 54.216.0.0/14, 54.220.0.0/15, 54.208.0.0/13
NetName: AMAZON-2011L
NetHandle: NET-54-208-0-0-1
Parent: NET54 (NET-54-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS16509
Organization: Amazon Technologies Inc. (AT-88-Z)
RegDate: 2013-02-19
Updated: 2013-02-19
Ref: https://whois.arin.net/rest/net/NET-54-208-0-0-1
OrgName: Amazon Technologies Inc.
OrgId: AT-88-Z
Address: 410 Terry Ave N.
City: Seattle
StateProv: WA
PostalCode: 98109
Country: US
RegDate: 2011-12-08
Updated: 2017-01-28
Re: Constant External IP Requests
That's what I got from their support.
They said they treat security seriously, but obviously not. I put all the cameras in a different vlan. To manage and communicate to the camera server, I have to set a correct gateway IP for them. Although I use Pi-Hole at home, but this chatty cam just flushing the Pi-Hole database.
I have two different model cameras. One have a recent firmware update. After upgrade to the latest firmware, it does stop calling back to config.amcrestcloud.com after two hours. But the other one does not have any new firmware available. It generates over 10K requests to config.amcrestcloud.com in 24 hours. They have no interest to release any update or hotfix to address this.Please see the following statement from our dev:
1) Amcrest Cameras are set by default to open connections to the AmcrestView P2P Portal (hosted by Amazon AWS in the US) as well as AmcrestCloud cloud video recording service (hosted by Amazon AWS in the US)
2) To disable the AmcrestView P2P connections, you have to log in to the Amcrest web user interface and disable the P2P option. Please see this video here on setting up Desktop access on a web-browser:
3) With respect to the AmcrestCloud connection, each time your camera is powered on it goes in to "listening" mode for 2 hours waiting for a confirmed connection from AmcrestCloud. If you do not set up your AmcrestCloud within 2 hours, the signal will stop. Thus, in order to prevent Amcrest cameras from pinging our AmcrestCloud server, simply wait 2 hours without connecting the camera to AmcrestCloud and the connections will automatically stop. If you want to connect to the Cloud in the future, simply power cycle your camera and the Cloud connection window will open up for another 2 hours.
They said they treat security seriously, but obviously not. I put all the cameras in a different vlan. To manage and communicate to the camera server, I have to set a correct gateway IP for them. Although I use Pi-Hole at home, but this chatty cam just flushing the Pi-Hole database.
Re: Constant External IP Requests
Has anything been figured out with this?
I recently added some Amcrest IP cameras.
I created a firewall rule disallowing all traffic incoming and outgoing for the STATIC IP addresses. In the cameras I disabled checking for updates, disabled NTP to an outside IP address, disabled P2P, disabled every type of service that would be reaching out to the web. In the firewall logs I see the cameras repeatedly trying to access the web. In a 10 minute window a single camera is generating 216 block messages. The PORT that is being used is random and changes every time. Following are the ports being used in a 10 minute window (sorted numerically):
32914, 33005, 33013, 33033, 33165, 33384, 33429, 33431, 33489, 33617, 33734, 33915, 33925, 33939, 34093, 34330, 34333, 34394, 34503, 34582, 34756, 34855, 34900, 34936, 35096, 35196, 35417, 35460, 35479, 35639, 35667, 35851, 36017, 36066, 36352, 36597, 36853, 37054, 37233, 37239, 37491, 37547, 37621, 37635, 37826, 37936, 38025, 38029, 38046, 38169, 38445, 38489, 38515, 38775, 39189, 39328, 39363, 39623, 39704, 39710, 39821, 40040, 40064, 40105, 40153, 40337, 40419, 40474, 40547, 40676, 40681, 40727, 40802, 40974, 41021, 41062, 41198, 41349, 41380, 41417, 41482, 41490, 41941, 42010, 42091, 42139, 42174, 42176, 42204, 42206, 42299, 42319, 42496, 42661, 43025, 43037, 43071, 43225, 43314, 43479, 43520, 43548, 43618, 43682, 43689, 43741, 43766, 43913, 43951, 43992, 44045, 44167, 44343, 44359, 44610, 44631, 44664, 44737, 44939, 45007, 45022, 45230, 45284, 45292, 45309, 45368, 45378, 45391, 45422, 45473, 45609, 45616, 45705, 46006, 46067, 46212, 46216, 46281, 46367, 46413, 46620, 46664, 46915, 46924, 46978, 46984, 47053, 47053, 47166, 47187, 47447, 47558, 47590, 47602, 47651, 47717, 47777, 47804, 47823, 48240, 48537, 48786, 48802, 48829, 48843, 48872, 48938, 49118, 49144, 49187, 49260, 49416, 49480, 49632, 49980, 50139, 50453, 50510, 50876, 50889, 51021, 51092, 51099, 51118, 51271, 51692, 51963, 51984, 52170, 52282, 52443, 52489, 52531, 52684, 52699, 52732, 52809, 53003, 53008, 53114, 53190, 53357, 53384, 53425, 53437, 53446, 53450, 53483, 53500, 53697, 53768, 54103, 54123, 54314, 54518, 54580, 54587, 54734, 54742, 54882, 54916, 54925, 55026, 55242, 55327, 55553, 55734, 55815, 56046, 56049, 56071, 56175, 56219, 56275, 56325, 56616, 56693, 56722, 56749, 56757, 56814, 56941, 57120, 57244, 57276, 57458, 57458, 57554, 57686, 57730, 57763, 57790, 57823, 57935, 58213, 58229, 58246, 58292, 58330, 58645, 58706, 58743, 59021, 59041, 59189, 59199, 59209, 59247, 59285, 59402, 59580, 59800, 59918, 60091, 60234, 60345, 60372, 60396, 60426, 60490, 60597, 60780, 60984
THIS IS AN ISSUE!!! Why does my camera keep trying to access the web?
I recently added some Amcrest IP cameras.
I created a firewall rule disallowing all traffic incoming and outgoing for the STATIC IP addresses. In the cameras I disabled checking for updates, disabled NTP to an outside IP address, disabled P2P, disabled every type of service that would be reaching out to the web. In the firewall logs I see the cameras repeatedly trying to access the web. In a 10 minute window a single camera is generating 216 block messages. The PORT that is being used is random and changes every time. Following are the ports being used in a 10 minute window (sorted numerically):
32914, 33005, 33013, 33033, 33165, 33384, 33429, 33431, 33489, 33617, 33734, 33915, 33925, 33939, 34093, 34330, 34333, 34394, 34503, 34582, 34756, 34855, 34900, 34936, 35096, 35196, 35417, 35460, 35479, 35639, 35667, 35851, 36017, 36066, 36352, 36597, 36853, 37054, 37233, 37239, 37491, 37547, 37621, 37635, 37826, 37936, 38025, 38029, 38046, 38169, 38445, 38489, 38515, 38775, 39189, 39328, 39363, 39623, 39704, 39710, 39821, 40040, 40064, 40105, 40153, 40337, 40419, 40474, 40547, 40676, 40681, 40727, 40802, 40974, 41021, 41062, 41198, 41349, 41380, 41417, 41482, 41490, 41941, 42010, 42091, 42139, 42174, 42176, 42204, 42206, 42299, 42319, 42496, 42661, 43025, 43037, 43071, 43225, 43314, 43479, 43520, 43548, 43618, 43682, 43689, 43741, 43766, 43913, 43951, 43992, 44045, 44167, 44343, 44359, 44610, 44631, 44664, 44737, 44939, 45007, 45022, 45230, 45284, 45292, 45309, 45368, 45378, 45391, 45422, 45473, 45609, 45616, 45705, 46006, 46067, 46212, 46216, 46281, 46367, 46413, 46620, 46664, 46915, 46924, 46978, 46984, 47053, 47053, 47166, 47187, 47447, 47558, 47590, 47602, 47651, 47717, 47777, 47804, 47823, 48240, 48537, 48786, 48802, 48829, 48843, 48872, 48938, 49118, 49144, 49187, 49260, 49416, 49480, 49632, 49980, 50139, 50453, 50510, 50876, 50889, 51021, 51092, 51099, 51118, 51271, 51692, 51963, 51984, 52170, 52282, 52443, 52489, 52531, 52684, 52699, 52732, 52809, 53003, 53008, 53114, 53190, 53357, 53384, 53425, 53437, 53446, 53450, 53483, 53500, 53697, 53768, 54103, 54123, 54314, 54518, 54580, 54587, 54734, 54742, 54882, 54916, 54925, 55026, 55242, 55327, 55553, 55734, 55815, 56046, 56049, 56071, 56175, 56219, 56275, 56325, 56616, 56693, 56722, 56749, 56757, 56814, 56941, 57120, 57244, 57276, 57458, 57458, 57554, 57686, 57730, 57763, 57790, 57823, 57935, 58213, 58229, 58246, 58292, 58330, 58645, 58706, 58743, 59021, 59041, 59189, 59199, 59209, 59247, 59285, 59402, 59580, 59800, 59918, 60091, 60234, 60345, 60372, 60396, 60426, 60490, 60597, 60780, 60984
THIS IS AN ISSUE!!! Why does my camera keep trying to access the web?