
Chinese IP Cameras

Posted: Sun Sep 02, 2018 10:59 am
by user8FJHFKFG8
I created a few IPs (a /28) in my DHCP range which I have set aside for IP Cameras (Hikvision, Dahua etc),
then, I made a firewall rule for these IPs
add action=drop chain=forward comment="No Outside Access" dst-address=!192.168.0.0/16 src-address=192.168.110.128/28
I have noticed a lot of attempts to connect to a few various Chinese-based IPs (not DNS requests) after implementing this. I'm hoping this rule will be enough to keep my LAN safe from whatever chatter is going on.
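
Added example, not part of any post in this thread: a small Python model of the rule posted above, showing which new connections from a camera it drops and which it never sees. It assumes the cameras share 192.168.110.0/24 with the other LAN hosts on one switch; the sample flow addresses are constructed.

```python
import ipaddress
import shlex

# The rule exactly as posted in the thread.
RULE = ('add action=drop chain=forward comment="No Outside Access" '
        'dst-address=!192.168.0.0/16 src-address=192.168.110.128/28')

# ASSUMPTION: cameras and other LAN hosts share 192.168.110.0/24 on one switch.
LAN_SEGMENT = ipaddress.ip_network("192.168.110.0/24")


def parse_rule(line):
    """Split a RouterOS-style 'add key=value ...' line into a dict."""
    return dict(tok.split("=", 1) for tok in shlex.split(line)[1:])


def addr_matches(spec, ip):
    """Match one address against 'net' or '!net' (leading '!' negates)."""
    negate = spec.startswith("!")
    hit = ipaddress.ip_address(ip) in ipaddress.ip_network(spec.lstrip("!"))
    return hit != negate


def verdict(rule, src, dst):
    """Return what happens to a new connection src -> dst under this one rule."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in LAN_SEGMENT and d in LAN_SEGMENT:
        return "switched"  # same segment: never reaches the router's forward chain
    if addr_matches(rule["src-address"], src) and addr_matches(rule["dst-address"], dst):
        return rule["action"]
    return "no-match"  # not touched by this rule; later rules decide


# Constructed sample flows (addresses are illustrative).
FLOWS = [
    ("192.168.110.130", "203.0.113.7"),     # camera -> internet host
    ("192.168.110.130", "192.168.110.20"),  # camera -> PC on the same segment
    ("192.168.110.130", "192.168.88.10"),   # camera -> host on another routed subnet
    ("192.168.110.20", "203.0.113.7"),      # non-camera LAN host -> internet
]

if __name__ == "__main__":
    rule = parse_rule(RULE)
    for src, dst in FLOWS:
        print(f"{src:>16} -> {dst:<16} {verdict(rule, src, dst)}")
```

Only the first flow is dropped: the rule stops the cameras' outbound connections, while camera traffic to hosts on the same segment or elsewhere in 192.168.0.0/16 is not restricted by it.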

Re: Chinese IP Cameras

Posted: Sun Sep 02, 2018 3:15 pm
by Sob
Sounds like something I'd really love to have in my network. ;) Maybe in VLAN, completely isolated from everything else.

Re: Chinese IP Cameras

Posted: Sun Sep 02, 2018 3:35 pm
by mkx
What happens if those devices are served with DHCP assignment without defining a gateway?

Re: Chinese IP Cameras

Posted: Sun Sep 02, 2018 5:11 pm
by jboban
Without a gateway they will not go outside.

Re: Chinese IP Cameras

Posted: Sun Sep 02, 2018 9:20 pm
by CZFan
A lot of these Chinese IP cameras use P2P networking to their "cloud based" server to view from anywhere. I will tread very carefully providing access to my LAN and Internet for these.

Re: Chinese IP Cameras

Posted: Sun Sep 02, 2018 11:02 pm
by mkx
> Without a gateway they will not go outside.
In theory yes. I'd be interested to see somebody verify that. And to verify that they still function properly if connected from within same LAN segment.

Re: Chinese IP Cameras

Posted: Mon Sep 03, 2018 2:07 am
by user8FJHFKFG8
>> Without a gateway they will not go outside.
> In theory yes. I'd be interested to see somebody verify that. And to verify that they still function properly if connected from within same LAN segment.
Yea I was thinking they may not pull a DHCP address without a gateway, I plugged in an 'Anpvis' IP camera where that seemed to be the case.

I'm not sure running a VLAN through my LAN would do anything? That would just be a different port on my router, going to the same unmanaged switch?

Re: Chinese IP Cameras

Posted: Mon Sep 03, 2018 2:08 am
by user8FJHFKFG8
> Sounds like something I'd really love to have in my network. ;) Maybe in VLAN, completely isolated from everything else.
The worst part was how long I didn't have this rule :shock: even though I know I should have.

Re: Chinese IP Cameras

Posted: Mon Sep 03, 2018 5:27 am
by k6ccc
I also have a bunch of Chinese cameras at home. I created a dedicated VLAN for them that is firewalled so that they can get to the internet (required for remote viewing), and nothing else on my home networks.

Re: Chinese IP Cameras

Posted: Mon Sep 03, 2018 9:25 am
by whitbread
Do not forget to route them through anonymous proxy or gateway.

Or use ONVIF cameras together with your NAS and stop those cameras' outbound communication altogether.

Btw - same applies for all IoT devices (including Win10 computers)!