I'm using a network camera (IPCAM), connected by Wi-Fi to a Netgear (Nighthawk 8000) router which is behind a Comcast cable modem. I just found out that on my cell phone, running the CAMHi app (made by the camera manufacturer), I can see the stream from the camera even though I'm not on my LAN (am far away, on Verizon network). I do not want the feature where I can access it from outside the house - I want to keep the data inside the LAN. I would have thought this is blocked by default on the router, but it seems that it's sending ID info and a video feed back to the company mother ship. Is this expected behavior for such setups and what is the best way to block it?
-
Hmm, this depends on the router. Also the cameras. Someone gave me a wireless door cam that does this. Constantly trying to phone home to China. It's a feature to go around your private firewall. The app connects to the company server, so does the camera. This allows you to use the app from anywhere and pretty much any type of connection without port-forwards. Unfortunately, when we blocked the company's IP addresses in China, the door cam app would immediately crash back to the home screen. – Tim_Stewart Dec 07 '19 at 20:36
-
Please provide the exact make and model of your camera, as well as a link to the smartphone app in question. // If the camera maker has a relay service, you can probably disable its use on the camera’s web interface. – Daniel B Dec 07 '19 at 21:54
-
I wanted to solve this on the router end, because even if I disable it on the camera interface, I don't have a guarantee it's not still sending data back home. – mlevin77 Dec 08 '19 at 21:32
1 Answer
The webcam apparently uses Universal Plug and Play (UPnP) to open ports on the router that allow it to connect to the manufacturer's website. The phone app uses the same website to connect to the webcam, probably using it only as an intermediary for connecting, but does not stream video through the website (for throughput reasons).
To block it, you could disable UPnP on the router. If the Nighthawk is here just working as an extender, you should do that on the Comcast.
Note that this may block other apps from connecting out to the internet, if they use dynamic UPnP ports. This won't stop the browser, but will block for example most torrent clients. The remedy would be, for each such application, to set it to use a static port number, and set the router to forward this port to your computer.
-
I found a setting on my router that allows me to block specific services on specific IP addresses. I set it as blocked for ANY port on the camera's IP, and the phone app no longer can connect to it. Am I done, or are there still potential access points (like UPnP) that I need to worry about? – mlevin77 Dec 08 '19 at 21:34
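A way to check whether the router's UPnP port-mapping table actually holds entries for the camera, as an added example that is not part of the original answer or comments. It parses the SOAP responses a UPnP IGD router returns for GetGenericPortMappingEntry; the camera address 192.168.1.50 and the sample responses are constructed for the demonstration.

```python
import xml.etree.ElementTree as ET

CAMERA_IP = "192.168.1.50"  # assumption: the camera's LAN address

# Constructed GetGenericPortMappingEntry responses, one per table index.
TEMPLATE = (
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
    '<u:GetGenericPortMappingEntryResponse '
    'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
    "<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>"
    "<NewProtocol>{proto}</NewProtocol><NewInternalPort>{port}</NewInternalPort>"
    "<NewInternalClient>{client}</NewInternalClient><NewEnabled>{on}</NewEnabled>"
    "<NewPortMappingDescription>{desc}</NewPortMappingDescription>"
    "<NewLeaseDuration>0</NewLeaseDuration>"
    "</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"
)
SAMPLE_RESPONSES = [
    TEMPLATE.format(ext=51413, proto="UDP", port=51413, client="192.168.1.20", on=1, desc="torrent client"),
    TEMPLATE.format(ext=34567, proto="TCP", port=554, client="192.168.1.50", on=1, desc="IPCAM"),
    TEMPLATE.format(ext=8081, proto="TCP", port=80, client="192.168.1.50", on=0, desc="IPCAM web"),
]

def parse_mapping(xml_text):
    """Return one port-mapping entry as a dict keyed by argument name."""
    root = ET.fromstring(xml_text)
    entry = {}
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop any namespace prefix
        if tag.startswith("New"):
            entry[tag[3:]] = (el.text or "").strip()
    if "InternalClient" not in entry or "ExternalPort" not in entry:
        raise ValueError("not a port-mapping response")
    return entry

def mappings_for_host(responses, host_ip):
    """Enabled mappings that forward internet traffic to host_ip."""
    hits = []
    for text in responses:
        m = parse_mapping(text)
        if m["InternalClient"] == host_ip and m.get("Enabled") == "1":
            hits.append((m["Protocol"], int(m["ExternalPort"]), int(m["InternalPort"])))
    return hits

def audit(responses, host_ip):
    """Summarise whether host_ip is reachable through UPnP mappings."""
    hits = mappings_for_host(responses, host_ip)
    return ("EXPOSED" if hits else "NO_UPNP_MAPPINGS"), hits

if __name__ == "__main__":
    print(audit(SAMPLE_RESPONSES, CAMERA_IP))
```

If the table has no enabled entry for the camera, disabling UPnP changes nothing for that device, and the per-device block described in the last comment is the control that matters.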