Community discussions

MikroTik App
  4. RouterOS
  5. General

Chinese IP Cameras

Post Reply
 
user8FJHFKFG8
newbie
Topic Author
Posts: 31
Joined: Mon Jun 18, 2018 8:51 am

Chinese IP Cameras

Sun Sep 02, 2018 10:59 am

I created a few IPs (a /28) in my DHCP range which I have set aside for IP Cameras (Hikvision, Dahua etc),
then, I made a firewall rule for these IPs
Code: Select all
add action=drop chain=forward comment="No Outside Access" dst-address=!192.168.0.0/16 src-address=192.168.110.128/28
I have noticed a lot of attempts to connect to a few various Chinese based IPs (not DNS requests) after implementing this. I'm hoping this rule will be enough to keep my LAN safe from whatever chatter is going on
Top
 
Sob
Forum Guru
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: Chinese IP Cameras

Sun Sep 02, 2018 3:15 pm

Sounds like something I'd really love to have in my network. ;) Maybe in VLAN, completely isolated from everything else.
Top
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11627
Joined: Thu Mar 03, 2016 10:23 pm

Re: Chinese IP Cameras

Sun Sep 02, 2018 3:35 pm

What happens is those devices are served with DHCP assignment without defining a gateway?
Top
 
jboban
just joined
Posts: 10
Joined: Wed Nov 24, 2010 2:27 am

Re: Chinese IP Cameras

Sun Sep 02, 2018 5:11 pm

Without gateway they will not going outside.
Top
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:
Contact CZFan

Re: Chinese IP Cameras

Sun Sep 02, 2018 9:20 pm

A lot of these Chinese IP Camera use P2P networking to their "cloud based" server to view from anywhere, I will tread very careful providing access to my LAN and Internet for these
Top
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11627
Joined: Thu Mar 03, 2016 10:23 pm

Re: Chinese IP Cameras

Sun Sep 02, 2018 11:02 pm

Without gateway they will not going outside.
In theory yes. I'd be interested to see somebody verify that. And to verify that they still function properly if connected from within same LAN segment.
Top
 
user8FJHFKFG8
newbie
Topic Author
Posts: 31
Joined: Mon Jun 18, 2018 8:51 am

Re: Chinese IP Cameras

Mon Sep 03, 2018 2:07 am

Without gateway they will not going outside.
In theory yes. I'd be interested to see somebody verify that. And to verify that they still function properly if connected from within same LAN segment.
Yea I was thinking they may not pull a DHCP address without a gateway, I plugged in an 'Anpvis' IP camera where that seemed to be the case..

I'm not sure running a VLAN through my LAN would do anything? That would just be a different port on my router, going to the same unmanaged switch?
Top
 
user8FJHFKFG8
newbie
Topic Author
Posts: 31
Joined: Mon Jun 18, 2018 8:51 am

Re: Chinese IP Cameras

Mon Sep 03, 2018 2:08 am

Sounds like something I'd really love to have in my network. ;) Maybe in VLAN, completely isolated from everything else.
The worst part was how long I didn't have this rule :shock: even though I know I should have..
Top
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1497
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:
Contact k6ccc

Re: Chinese IP Cameras

Mon Sep 03, 2018 5:27 am

I also have a bunch of Chinese cameras at home. I created a dedicated VLAN for them that is firewalled so that they can get to the internet (required for remote viewing), and nothing else on my home networks.
Top
 
whitbread
Member Candidate
Member Candidate
Posts: 119
Joined: Fri Nov 08, 2013 9:55 pm

Re: Chinese IP Cameras

Mon Sep 03, 2018 9:25 am

Do not forget to route them through anonymous proxy or gateway.

Or use onvif cameras together with your nas and stop those cameras' outbound communication at all.

Btw - same applies for all IoT devices (including Win10 computers)!
Top
Post Reply

Who is online

Users browsing this forum: akakua, Bing [Bot], complexxL9, Google [Bot] and 200 guests
  4. RouterOS
  5. General