[SOLVED] Disabling WAN Access

[robburne]

Hi all - I want to disable WAN access to my home IP Camera - the type which is vulnerable to compromise.

In my router I have blocked all inbound ports 1-65535 TCP/UDP and I have disabled UPnP - but I am still able to connect to the camera's on my phone's app when disconnected from my LAN and using my phone's data network.

Any ideas - thanks!

 

[gmagdna]

router make and model?

Is it connected directly to the internet? Or it behind another router?

 

[robburne]

The router is branded by my ISP, it is a Sky Hub:

https://www.expertreviews.co.uk/networks/1404519/sky-q-hub-review-a-well-overdue-router-upgrade

Connected directly to the internet.

Thanks.

 

[SkyNetRising]

Set up mac address filtering. Deny your IP camera to connect to internet.

 

[DeauteratedDog]

Can you set the gateway/default router to blank in the IP camera? Then it won't be able to reach the internet.

 

[robburne]

Unfortunately the router does not offer MAC filtering. I tired to edit the camera's IP settings but when I click to save I get a nonsense error message - I guess the price you pay for cheap junk not fit for purpose.


Regardless I have added the dynamically assigned port to my firewall rules blocking all traffic to the IP on UDP/TCP 1:65535, disconnected from wifi and using network data I can still connect.

I am lost!

 

[kanewolf]

Hi all - I want to disable WAN access to my home IP Camera - the type which is vulnerable to compromise.

In my router I have blocked all inbound ports 1-65535 TCP/UDP and I have disabled UPnP - but I am still able to connect to the camera's on my phone's app when disconnected from my LAN and using my phone's data network.

Any ideas - thanks!

Set static IP addresses on the cameras. Don't put in a gateway IP address. Without a gateway IP to the router, they won't be able to access the internet.

 

[robburne]

As mentioned - the camera will not save the changes made to the IP configuration. Likely buggy/crappy firmware I guess and hence the cheap price these are offered for sale at!

 

[kanewolf]

As mentioned - the camera will not save the changes made to the IP configuration. Likely buggy/crappy firmware I guess and hence the cheap price these are offered for sale at!

Then you have to not wire them to your primary network if your router doesn't have sufficient capabilities to block them. You could buy a better router. Or you could setup an isolated network. You could use a wireless router that doesn't have the WAN connected. Setup a separate SSID that you connect to if you want to access the cameras.

 

[bill001g]

The cameras must be connecting to some server on the internet.

By default if you set nothing the NAT will block any attempt to connect to a camera from the internet. This is why you must set port forwarding rules for things like mine craft servers. Without any rules the NAT will automatically drop any incoming session since it does not know where to send it.

So you ability to connect to the camera must be some other function than directly connecting to the camera.

What IP are you connecting to. To connect to multiple cameras in your house would be almost magic since you only have 1 ip address

 

[gmagdna]

What camera make and model?

Is there a model number other than what you’ve provided? From what I can find the Sky Q has MAC filtering under a MAC address security setting. Just tying to sort why yours doesn’t.

Another possibility: can you set up a guest network and connect to that, but limit it to LAN. Leave the gateway blank for it. This is same/similar to what @kanewolf suggests.