Question Problem accessing my IP camera ?

sacentre

Distinguished
Jan 9, 2014
26
0
18,530
I have been able to access my D-Link IP camera remotely by using my Public IP address with a Windows browser. Suddenly today it stopped working and returned the , "The connection was reset" message.

Now, I find it will work if I add the port number after the IP address 220.255.XXX.XXX: XX which is something I never had to do before. Can anyone suggest what has changed?

TIA

Background (in case it helps)
For years I've been using a hostname to access this camera remotely. The hostname (eg "Mycamera.ddns.net) is registered with No-IP.com ". From time to time however, my public IP will change (I assume my ISP is doing this) and it can take days for No-IP's DDNS service to update the new IP to my hostname. However, I can update it manually by logging into my account and updating the new IP against my hostname myself after which it will work fine - until, once again, it doesn't.

Rather than keep doing this, I decided to just use the Public IP address which I can check with WhatsMyIP to see if/when it changes and just update my browser shortcut as and when necessary. As I say above, the IP address on its own worked fine but now it works only if I add the port number.
 
Last edited:
I assume you changed the port to be other than say 80. NO-IP has a feature that lets you translate the port to something else, did you configure that option.

It is very hit and miss if the router will correctly update no-ip or similar sites when the IP changes but I don't know what other option you have. If the IP would change when you are not home I can't see how you would ever find it. I guess it is lucky that most people IP do not change very often. I think mine has been the same for over 6 months now.

In some ways this is good ?. Using non standard ports makes the hacker first find the port and then attempt to hack it. Port 80 and a couple others are attacked so much that some ISP block incoming traffic to them and many routers also limit the ability to use some very common ports.

In general you should not access a camera from the internet. These devices have a history of having massive security exposures. This is in addition to the poor security in the design when it is running normally. Most cameras feeds are not encrypted they even send the passwords if you have them set in the clear. So someone who can intercept your traffic can just see what password you type in as well as see any video feeds you are watching. This could partially be fixed if the cameras ran HTTPS but it does not solve the problem of the lack of support and all the backdoors you find in cameras.

In the longer term you may want to consider running a VPN server on your router and then access the cameras through the vpn tunnel. This of course has the same issue with the public IP changing, and I know of no way to fix that other than the dyndns needs to work.
 

sacentre

Distinguished
Jan 9, 2014
26
0
18,530
I assume you changed the port to be other than say 80. NO-IP has a feature that lets you translate the port to something else, did you configure that option.

It is very hit and miss if the router will correctly update no-ip or similar sites when the IP changes but I don't know what other option you have. If the IP would change when you are not home I can't see how you would ever find it. I guess it is lucky that most people IP do not change very often. I think mine has been the same for over 6 months now.

In some ways this is good ?. Using non standard ports makes the hacker first find the port and then attempt to hack it. Port 80 and a couple others are attacked so much that some ISP block incoming traffic to them and many routers also limit the ability to use some very common ports.

In general you should not access a camera from the internet. These devices have a history of having massive security exposures. This is in addition to the poor security in the design when it is running normally. Most cameras feeds are not encrypted they even send the passwords if you have them set in the clear. So someone who can intercept your traffic can just see what password you type in as well as see any video feeds you are watching. This could partially be fixed if the cameras ran HTTPS but it does not solve the problem of the lack of support and all the backdoors you find in cameras.

In the longer term you may want to consider running a VPN server on your router and then access the cameras through the vpn tunnel. This of course has the same issue with the public IP changing, and I know of no way to fix that other than the dyndns needs to work.

Thanks for the patient and detailed reply. I haven't fully understood all your technical points but I can confirm that I did change the port to 8000. As for the security issues you raise, I need to learn a lot more about those especially how to use an IP camera other than over the internet.

Right now, if anyone managed to view the camera feed, all they would see is my living room and a bunch of bookshelves. The camera is only ever on when no-one's at home. It's just there to record motion if anyone got through the door while I'm out. Motion triggers an email with video capture. The only devices running other than the camera are my optical router and wi-fi router.

I'm not sure if my original question was clear though. I can manage the fact that the IP changes from time to time. That's not a problem (as you say, I can't check my Public IP remotely).

What I was hoping to find out was why all of a sudden I need to add the port number after the IP when I never needed to do that before. The IP itself hasn't changed in months.
 
Last edited:
So if you use the numeric IP you must put the port in how else would it know it was 8000. It by default will use 80 if you do key it in.

It has been a while since I used NO-IP or maybe it was a different service I used. It had a special option that allowed it to both lookup the IP and redirect the port to another. This changing the port thing is not actually part of DNS it more of a web service thing. This port redirection is how https works where it is changed to 443 but again it is the server doing this.

Technically it should have never worked without keying in the port but some of these dyndns services have this as a added feature. Not sure I am too lazy to read the no-ip site.

I haven't looked at this in years because I always use a VPN access my home network and that has all the ports in the vpn client configuration so it only needs the name/ip translation.
 

sacentre

Distinguished
Jan 9, 2014
26
0
18,530
So if you use the numeric IP you must put the port in how else would it know it was 8000. It by default will use 80 if you do key it in.

It has been a while since I used NO-IP or maybe it was a different service I used. It had a special option that allowed it to both lookup the IP and redirect the port to another. This changing the port thing is not actually part of DNS it more of a web service thing. This port redirection is how https works where it is changed to 443 but again it is the server doing this.

Technically it should have never worked without keying in the port but some of these dyndns services have this as a added feature. Not sure I am too lazy to read the no-ip site.

I haven't looked at this in years because I always use a VPN access my home network and that has all the ports in the vpn client configuration so it only needs the name/ip translation.


Yes it's a puzzle why it worked ok without the port number but it did. I have edited the shortcut to include the port now so will just carry on using the IP + port to access the cam. I'm inclined to ignore the No-IP account now as I see no real need to use a hostname. Connecting via No-Ip adds quite a few seconds to the connection.

EDIT
Interestingly I just tried accessing the camera from my Android phone and from a Windows tablet using my telco data connection. The Android phone connected using port 8000 and the tablet on port 80. I have no idea why that should be.
 
Last edited:

Ralston18

Titan
Moderator

sacentre

Distinguished
Jan 9, 2014
26
0
18,530
Thank you for the links. I've just read through them. It's exactly the sort of stuff I need to learn but have to admit I'm out of my depth with much of it (being 75 doesn't help).

I'm just trial and error at this stuff. Only when something goes wrong then I start to dig around in the hope of finding out what changed. I rarely do.

As per my OP, I'm still curious as to why I suddenly need to add a port number to my camera IP address when it worked ok without one before.

Further to that EDIT I posted above your reply, I just logged in again on my Windows tablet using the cellular data connection and accessed my camera. To add even more to my confusion, I found I can connect using EITHER port 80 or 8000.

That's always been my problem: just when I think I've learned something, it changes. This must be all Werner Heisenberg's doing!!
 
Very strange especially if you did not put in a port forward rule for port 80 and only did 8000. If it is somehow changing from 80 to 8000 on the end device something must be telling it to do that.
You do not want port 80 open. In fact you are better off picking some random number, you want to use above 1000, and use that port. It is very common for hackers to scan all the common ports and 8000 is a very common used port. Just this junk traffic can sometime crash your equipment.
 

sacentre

Distinguished
Jan 9, 2014
26
0
18,530
Very strange especially if you did not put in a port forward rule for port 80 and only did 8000. If it is somehow changing from 80 to 8000 on the end device something must be telling it to do that.
You do not want port 80 open. In fact you are better off picking some random number, you want to use above 1000, and use that port. It is very common for hackers to scan all the common ports and 8000 is a very common used port. Just this junk traffic can sometime crash your equipment.

Thanks for that, Bill. It's probably just another of the many strange behaviours to add to the long list I'll never get to the bottom of. However, I'll keep monitoring and see what happens.

There are just so many variables in high-tech systems and IT is a bit like medicine I often think. One can only deal with statistically significant outcomes and probabilities and no problem has only one solution nor one that works 100% everytime. Technical issues often appear and sometimes disappear on their own. We want there to be a single, deterministic explaination that's always repeatable but it doesn't work that way. Thanks again.