Important Message from Foscam Digital Technologies Regarding US Sales & Service

Foscam.US (aka Foscam Digital Technologies and now Amcrest Technologies) is an independent United States based distributor of "Foscam" branded products. We have been offering telephone support, US local warranty and building the Foscam brand in the US for the past 7 years. Based on our experiences with Foscam and feedback from end users we have launched our own new and improved line of wireless IP cameras and security systems under the Amcrest brand. Working in partnership with the second largest security camera manufacturer in the world, Amcrest was founded with a deep commitment to end-user privacy and security, highly reliable software and hardware as well a seamless and intuitive user experience. For more information, please visit www.Amcrest.com

If you are having trouble with your Foscam cameras, we sincerely apologize for this inconvenience and would love to help. For technical support, response to inquiries and for obtaining replacements for any Foscam IP Cameras or NVR products, please reach out to tech@foscam.com or call 1-844-344-1113.

If you are interested in exchanging your Foscam camera for an Amcrest camera, we can offer you a massive loyalty discount, even if you are out of warranty. Please send an email to support@amcrest.com, sales@amcrest.com or call 1-888-212-7538

If you are subscribed to Foscam Cloud (www.foscamcloud.com), please contact cloud@foscam.us for support.

If you currently use the manufacturer's cloud service (www.myfoscam.com or linked in any way to www.foscam.com), you will need to contact them directly for support, at www.myfoscam.com.


Foscam Dialing Out to Suspect Hosts

Users can ask and answer questions regarding Foscam IP Cameras

Moderators: mycam, FOSCAM

Re: Foscam Dialing Out to Suspect Hosts

Postby dadoremix » Sun Dec 27, 2015 3:17 am

p2p traffic / cloud? for alarm and push message
dadoremix
 
Posts: 22
Joined: Wed Dec 23, 2015 1:53 am

Re: Foscam Dialing Out to Suspect Hosts

Postby drooler » Sun Dec 27, 2015 3:05 pm

hokie21:

Thanks for the urls for articles on other manufactures having similar unsolicited connections to remote servers.

I turned on port filtering about a week ago and all of the connections to port 10001 have disappeared from the NAT table. I turned off the filtering today and bam the NAT table was immediately flooded with outgoing camera connections to those remote servers. I wonder what amount of network overhead these unsolicited connections are wasting even though they can not get through the router when filtering is turned on.

I use Blue Iris software. Unfortunately, my router has predefined tables for port filtering and port 81 is in the "everything else" range I also use to filter out port 10001. So now I can not access the BI server remotely because port 81 is used by the BI web server. I even tried opening port 81 using port forwarding but the predefined port filtering list overrides the exclusion list.

I am going to investigate whether I can change port 81 used by BI to another port number that is not in the router predefined port filtering range. I wish I could just specify port 10001 to filter but it is not a router option.

Tech support still has not answered my questions. So BI software is worthless for remote monitoring now.

I have held off buying any more Foscam cameras until this problem is solved. :(
drooler
 
Posts: 44
Joined: Tue Dec 08, 2015 9:55 am

Re: Foscam Dialing Out to Suspect Hosts

Postby hokie21 » Sun Dec 27, 2015 4:50 pm

I am using Tomato "Shibby" software on my router. This software can be installed on many different router hardware platforms. This software will allow you to block access for your cameras. I don't believe the fact that I can block access at my router should excuse Foscam from solving this problem with their cameras.
hokie21
 
Posts: 2
Joined: Sat Dec 26, 2015 10:26 pm

Re: Foscam Dialing Out to Suspect Hosts

Postby dannyo » Tue Dec 29, 2015 11:33 am

Anyone hear from Foscam about this issue? I'm still blocking those suspect ports in question but it's eating some cpu cycles on my router.......
dannyo
 
Posts: 225
Joined: Tue Jan 08, 2013 11:22 pm

Re: Foscam Dialing Out to Suspect Hosts

Postby drooler » Tue Dec 29, 2015 2:42 pm

Dannyo: No they have not contacted me in weeks. As indicated above, I turned off IP filtering on the suspected ports for just a few minutes and the NAT table filled up immediately with requests to servers. I am going to try to get my network monitoring software running up today and see just how much the cameras are clobbering the router with requests. Regards.
drooler
 
Posts: 44
Joined: Tue Dec 08, 2015 9:55 am

Re: Foscam Dialing Out to Suspect Hosts

Postby dannyo » Tue Dec 29, 2015 3:56 pm

Thanks Drooler! Apparently this is an ongoing issue. Don't know if you have seen this thread:

outgoing-connection-to-98-126-58-10-port-10001-t10717.html?hilit=10001

This post goes back to Sept 2014. I currently have and FI9821W V2, FI8906W and an FI9803P. The FI9803P is the only cam that exibits these symptoms, all others are fine. If I shut down the FI9803P problem goes away. If I startup the FI9803P problem returns. All P2P turned off, I must still block port 10001 at the router and as a result CPU goes up, Memory utilization high. The camera still operates local/wan/alerts though.
dannyo
 
Posts: 225
Joined: Tue Jan 08, 2013 11:22 pm

Re: Foscam Dialing Out to Suspect Hosts

Postby drooler » Wed Dec 30, 2015 1:28 pm

Thanks - I had not seen that other thread on 10001. There is at least three threads now.

I was able to get Wireshark network analysis software up and running on my Ethernet and wireless connections. All of my cameras are wireless but only seems to appear on the newer camera models bought this year. I will try turning off the router IP port filtering and see what I can capture. I posted the camera model numbers earlier.

I really want to know why these connections are being made to remote servers and what data is being transmitted. Very creepy.

It leads me to believe the camera operating system is compromised or was designed that way. I have turned off all unnecessary services and the problem still exists.

I will try to work on it later today or tomorrow. :geek:
drooler
 
Posts: 44
Joined: Tue Dec 08, 2015 9:55 am

Re: Foscam Dialing Out to Suspect Hosts

Postby ken52787 » Thu Dec 31, 2015 4:12 pm

So I finally got the traffic dump running on one of my C1 cameras.

Attached is a dump of a few minutes of the suspicious traffic. I used the filter "udp.port == 10001". I booted the camera up with the dump started so this is all traffic including any initial handshake. Open it in Wireshark.

The good news is that there isn't all that much traffic going back and forth. It's about 60 bytes each direction every 40 seconds or so. If someone is spying on us, they're not getting images or video. It also seems to be the same thing over and over, so its may be some sort of ping/heart beat. I haven't looked into the traffic beyond a quick glance, so I still don't know what exactly it is doing. Hopefully someone smarter than I can take a look and shed some light on it.

I've also followed a stream to one of the hosts and exported that as a PDF for those who just want to take a glance.
ken52787
 
Posts: 5
Joined: Sat Sep 13, 2014 4:37 pm

Re: Foscam Dialing Out to Suspect Hosts

Postby drooler » Thu Dec 31, 2015 6:31 pm

ken52787:

I will take a look at the dump tomorrow you posted.

I wish Foscam tech support would look at the dump and let us know what is causing the remote servers to be contacted. I can understand if the Chinese manufacture is collecting usage information or something else but some of those end destination addresses point to some weird server owners, like the one in Thailand at some club.

Thanks much.
drooler
 
Posts: 44
Joined: Tue Dec 08, 2015 9:55 am

Re: Foscam Dialing Out to Suspect Hosts

Postby awkwardrodent » Mon Jan 11, 2016 11:18 am

Thanks for the long, interesting thread.

I'm thinking it's likely some idiot / lazy programmer set up these pings to test out the cameras in Development / QA, and forgot to turn them off for production. In my experience, it's usually incompetence, rather than intentional malfeasance that causes these strange issues.

But who knows... would really like to know the resolution of this issue.
awkwardrodent
 
Posts: 8
Joined: Tue Jul 21, 2015 3:01 am

PreviousNext

Return to Technical Support

Who is online

Users browsing this forum: No registered users and 7 guests