Important Message from Foscam Digital Technologies Regarding US Sales & Service



We, Foscam.US (aka Foscam Digital Technologies and now Amcrest Technologies), are an independent United States based distributor of "Foscam" branded products. We have been offering telephone support, US local warranty and building the Foscam brand in the US for the past 7 years. However, we are deeply saddened to report that, even after all of this, our overseas suppliers have decided to undercut us and supply to our major customers directly. For this reason, we have no choice but to suspend telephone support for all Foscam branded products. If you have purchased a Foscam camera directly from us or from one of our authorized retailers, technical support is still available via email at support@foscam.us.


For customers who have not purchased from us directly, we advise you to please contact Foscam Shenzhen or the distributor which you have purchased from. In the meantime, we have launched our own new brand of IP cameras called Amcrest, which has superior quality products and full telephone technical support 7 days per week. We hope you can support us in our new venture. For more information, please visit www.Amcrest.com.



Foscam Dialing Out to Suspect Hosts

Users can ask and answer questions regarding Foscam IP Cameras

Moderators: mycam, FOSCAM

Re: Foscam Dialing Out to Suspect Hosts

Postby _1234567 » Wed Jan 13, 2016 1:57 pm

Hi Dannyo,

dannyo wrote:This is the response I received from Foscam.com tech support concerning the issue......


Thanks for the info, what can I say.....
Not completely satisfactory :-/

I guess perhaps the best is to reply with a request for additional info since ( as you are aware :-) ) the connections are there even with p2p switched off.
Maybe also point them to these forums and ask them to give a more in-depth explanation here in reaction. I was hoping they would do so by themselves.

I will try to use my log-script to see if I can get a list of all their server I see and see if they are indeed restricted to the list above....
_1234567
 
Posts: 10
Joined: Thu Jan 07, 2016 8:38 am

Re: Foscam Dialing Out to Suspect Hosts

Postby dannyo » Wed Jan 13, 2016 2:46 pm

Yes, I responded to their email asking when P2P is turned off then why the continuous request response situation for the cameras?
They probably contracted with co-location services servers for their P2P services?
Awaiting their response....Tks!
dannyo
 
Posts: 224
Joined: Tue Jan 08, 2013 11:22 pm

Re: Foscam Dialing Out to Suspect Hosts

Postby dannyo » Wed Jan 13, 2016 9:23 pm

Here is Fosccam tech support response......
Hi Daniel,

Because of time difference, sorry for the late reply!

Actually, even you have disabled P2P function in camera settings, in the camera mainbord, the camera information still sync with P2P server in case camera enabled P2P settings all of sudden.

In this case, it will give a good experience when view the camera, and P2P server can response to camera timely instead of get delay or data loss, which had bad experience when view camera .

Besides, if you don't want to view the camera outside home network , you can block the 10001 port in your router settings, but in this way , you will not able to view the camera when outside home network.

Have a nice day!

Any problem, please feel free to contact me.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Your satisfaction is our goal.
Are you satisfied with our service?
Our aim is to provide perfect service,so your suggestions are appreciated.
If you are not satisfied, please e-mail aftersales@foscam.com with your assessment or feedback.

Best Regards
Tina Lu (Ms.)
Customer Service Dep.
Email: tech3@foscam.com
ShenZhen Foscam Intelligent Technology co., Ltd.
Website:www.foscam.com

I did mention that blocking port 10001 doesn't seem to impact my access to the cameras via wan/internet. I did mention the high utilization to my router when blocking that port......
dannyo
 
Posts: 224
Joined: Tue Jan 08, 2013 11:22 pm

Re: Foscam Dialing Out to Suspect Hosts

Postby _1234567 » Thu Jan 14, 2016 9:51 am

Hi,

Mmm, thanks, ok. I will also send them a message, and point them to the fact that I also see connections to IP's at other ports....

I did mention that blocking port 10001 doesn't seem to impact my access to the cameras via wan/internet.

What do you mean by that? Can you still use some foscam-app to access your camera 'p2p' , even with 10001 blocked ? ( I didn't actually try myself).

On the other hand, it might be explainable that blocking 10001 is not enough: I see connections on other ports (80,443,8000, 21047) that remain, even when blocking 10001.
See below, do you or someone else also see those connections ?

Code: Select all
TCP
tcp src=192.168.0.186 dst=46.137.188.54  dport=80
tcp src=192.168.0.186 dst=50.19.254.134  dport=443 [UNREPLIED]
tcp src=192.168.0.186 dst=61.188.37.216  dport=8000 [UNREPLIED]
tcp src=192.168.0.186 dst=61.188.37.216  dport=8000
tcp src=192.168.0.186 dst=74.125.31.99  dport=80 [UNREPLIED]
UDP
udp src=192.168.0.186 dst=168.1.83.89 sport=59970  dport=10001
udp src=192.168.0.186 dst=175.41.238.100 sport=59970  dport=21047
udp src=192.168.0.186 dst=176.58.116.160 sport=59970  dport=10001
udp src=192.168.0.186 dst=23.234.53.61 sport=59970  dport=10001
udp src=192.168.0.186 dst=23.234.53.67 sport=59970  dport=10001
udp src=192.168.0.186 dst=50.7.114.59 sport=59970  dport=10001
udp src=192.168.0.186 dst=50.7.124.48 sport=59970  dport=10001 
udp src=192.168.0.186 dst=50.7.176.18 sport=59970  dport=10001
udp src=192.168.0.186 dst=50.7.44.82 sport=59970  dport=10001
IP DST SUMMARY:
TCP:
     25 dst=46.137.188.54
     56 dst=50.19.254.134
     40 dst=61.188.37.216
     56 dst=74.125.31.99
UDP:
   2000 dst=168.1.83.89
      6 dst=175.41.238.100
   2000 dst=176.58.116.160
   2000 dst=23.234.53.61
   2000 dst=23.234.53.67
   2000 dst=50.7.114.59
   1999 dst=50.7.124.48
   2000 dst=50.7.176.18
   2000 dst=50.7.44.82
_1234567
 
Posts: 10
Joined: Thu Jan 07, 2016 8:38 am

Re: Foscam Dialing Out to Suspect Hosts

Postby concerneduser » Thu Jan 14, 2016 11:45 am

The spam prevention system for this forum is overzealous, to say the least.

After trying (unsuccessfully) to post my message for the last half hour, here it goes in parts.

Part I

Thank you (jimfreex) for reaching out to Foscam in regards to this issue Jim. I have also noticed some peculiar traffic from the Foscam Camera to external hosts. As I've observed these connection requests, I have compiled a list of IPs Foscam attempts to connect to, as well as configured a few firewall rules to allow necessary traffic and block ancillary traffic. Below you will find both the list of IPs and the rules, along with a sample of Firewall alerts generated by the Foscam Camera.

Code: Select all
114.215.179.104
122.226.84.253
122.248.234.207
167.206.87.147
168.1.83.89
175.41.238.100
176.58.116.160
202.96.134.133
203.143.89.106
220.181.111.147
23.234.53.61
23.234.53.67
46.137.188.54
50.19.254.134
50.7.114.59
50.7.124.48
50.7.176.18
50.7.235.90
50.7.44.82
61.188.37.216
68.192.249.119
74.125.31.99


Mirrors
https://pastebin.com/raw/QE4xhXyw
https://gist.githubusercontent.com/anonymous/d2fe43ecc7637ef866de/raw/0b0dc6066f87420b2b72ef860249729eff5d2099/gistfile1.txt

Foscam Rules (right-click and open image in new tab if it is cut off on the right edge)
Image

Foscam Alerts
Image
Last edited by concerneduser on Sun Jan 17, 2016 10:06 pm, edited 5 times in total.
concerneduser
 

Re: Foscam Dialing Out to Suspect Hosts

Postby concerneduser » Thu Jan 14, 2016 11:45 am

Part II

Points of concern:
- Foscam ensures telemetry is compulsory. Disabling "P2P" and DDNS have no effect.
- Most users will not notice this behavior or take time to mitigate the threat. Those users will be subject to Foscam's tracking with no knowledge that it's even taking place.
- Foscam's recommendation to user is to block 10001 to stop telemetry. Unfortunately, Foscam also makes connection requests on (at least) ports 80, 8000, and 443.
- Foscam loads the device with a self-signed cert and private key, and offers no option to remove or replace them.
- Foscam's Forums exclusively use HTTP. Requiring a user to broadcast their email address and intended username/password combination in plain text during registration, and subsequently during login attempts (though the email is not transmitted during login). I implore anyone reading this to at least change their password for this forum to something unique (a password you will not use on other sites). And if you are already using your Foscam Forums password for other services, change the passwords to those other services... you never know who may be intercepting your traffic over HTTP.

If anyone discovers their device is making connection requests to addresses not listed above, please include those addresses in this thread.

Finally, I am not knocking the Foscam product per se. I am happy with the clarity, quality, and interface of the camera. Minor irritations are that the web interface does not work from mobile browsers, linux machines, or without downloading additional plug-ins. Also, Foscam uses a static preset DDNS sub-domain for each new ("P") camera, which makes finding (new, not-up-to-date) vulnerable cameras trivial, at best. What really bothers me is Foscam's modus operandi. Just because Foscam is a Chinese company, is not a reasonable excuse for such oversights.

if this post seems a bit all over the place, it's because I had to re-write my post from scratch. :evil:
concerneduser
 

Re: Foscam Dialing Out to Suspect Hosts

Postby dannyo » Thu Jan 14, 2016 12:50 pm

thanks concernerduser for the post......
I too get the connection requests to the ports you mentioned in your post.
Have you submitted your findings with Foscam? Others have and received the same response as I . I've been emailing tech3@foscam.com and cc: steven@foscam.com (pres., for what it's worth). My latest response from Foscam :

Hi Daniel,

Sorry to hear that!

After double checking with our R&D team, we are sorry that there is no other way to disable except blocked it in your router.

Thanks for your support of Foscam!

Any problem, please feel free to contact me.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Your satisfaction is our goal.
Are you satisfied with our service?
Our aim is to provide perfect service,so your suggestions are appreciated.
If you are not satisfied, please e-mail aftersales@foscam.com with your assessment or feedback.

Best Regards
Tina Lu (Ms.)
Customer Service Dep.
Email: tech3@foscam.com
ShenZhen Foscam Intelligent Technology co., Ltd.
Website:www.foscam.com
dannyo
 
Posts: 224
Joined: Tue Jan 08, 2013 11:22 pm

Re: Foscam Dialing Out to Suspect Hosts

Postby dannyo » Thu Jan 14, 2016 1:04 pm

_1234567 wrote:
I did mention that blocking port 10001 doesn't seem to impact my access to the cameras via wan/internet.

What do you mean by that? Can you still use some foscam-app to access your camera 'p2p' , even with 10001 blocked ? ( I didn't actually try myself).

I don't use P2P, it's "disabled" in the GUI.....
I can access via mobile or pc via wan.....
dannyo
 
Posts: 224
Joined: Tue Jan 08, 2013 11:22 pm

Re: Foscam Dialing Out to Suspect Hosts

Postby concerneduser » Thu Jan 14, 2016 1:08 pm

dannyo wrote:thanks concernerduser for the post......
I too get the connection requests to the ports you mentioned in your post.
Have you submitted your findings with Foscam? Others have and received the same response as I . I've been emailing tech3@foscam.com and cc: steven@foscam.com (pres., for what it's worth). My latest response from Foscam :

Hi Daniel,

Sorry to hear that!

After double checking with our R&D team, we are sorry that there is no other way to disable except blocked it in your router.

Thanks for your support of Foscam!

Any problem, please feel free to contact me.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Your satisfaction is our goal.
Are you satisfied with our service?
Our aim is to provide perfect service,so your suggestions are appreciated.
If you are not satisfied, please e-mail aftersales@foscam.com with your assessment or feedback.

Best Regards
Tina Lu (Ms.)
Customer Service Dep.
Email: tech3@foscam.com
ShenZhen Foscam Intelligent Technology co., Ltd.
Website:www.foscam.com


No, I have not reached out to Foscam, yet. I will use Jim's email as a template and send an email to the addresses you mentioned. I truly don't expect anything to come from it, but the more people who bring their concerns to Foscams attention, the better.

Though if we can learn anything from their Better Business Bureau page (https://www.bbb.org/houston/business-reviews/computers-supplies-and-parts/foscam-digital-technologies-llc-in-houston-tx-90018826/), it's that the only thing Foscam is concerned about is money, nothing else.
concerneduser
 

Re: Foscam Dialing Out to Suspect Hosts

Postby drooler » Thu Jan 14, 2016 1:58 pm

Wow. I use BI software including their downloadable remote access for androids. Blue Iris uses port 81 for the web server by default. My DSL router advanced firewall settings allow me to pass or block incoming and outgoing traffic for each of the categories below. The only way for me to block port 10001 and some of the other IPs being contacted was to use the block everything else option listed below and marked with **. Unfortunately, port 81 is also blocked so BI can not be accessed remotely now. I can not change the server port address to 8080 instead of 81 as suggested by BI because 8080 also falls within the block everything else option.

DirectX Multimedia Control 2300 thru 2400, 47624, 2300 thru 2400 UDP, 6073 UDP
DirectTV STB 1 Multimedia Service 27161 thru 27163
DirectTV STB 2 Multimedia Service 27164 thru 27166
DirectTV STB 3 Multimedia Service 27167 thru 27169
DNS FTP 53
DNS QWEST FTP (not shown)
FTP File Transfer 20, 21
FTPS Secure File Transfer 990
H323 Video 1720
HTTP Web Service 80
HTTPS Secure Web Service 443
ICMP Echo Request Web Service N/A
ICMP Echo Reply Web Service N/A
ICMP TTL Expire Web Service N/A
ICMP Trace route Web Service N/A
IMAP Mail Service 143
IMAPS Mail Service 993
IPP Remote Printing 631
IPSEC VPN Service ESP(protocol 50), AH(protocol 51) and 500 UDP
IRC Chat Service 113, 194, 1024 thru 1034, 6661 thru 7000
L2TP VPN Service 1701 UDP
MSN Gaming Gaming Service 28800 thru 29100 TCP/ UDP
MySQL Database Management 3306
NNTP Newsgroup 119
NTP Newtork Time 123
Oracle SQL Database Management 66, 1525
PC Anywhere Remote Management 66, 1525 5631 TCP/ UDP, 5532 TCP/ UDP
PPTP VPN Service All GRE, 1723
POP3 Mail Service 110
POP3S Secure Mail Service 995
PS2 / PS3 Game Console 4658 TCP/ UDP, 4659 TCP/ UDP
RIP Web Service 520 UDP
REAL A/V Audio/ Video 7070
Real Server/ Quick Time Audio/ Video 7070, 6970 thru 7170 UDP
SFTP Secure File Transfer 22, 115
SIP Session Control 5060, 5061
SlingBox Media Service 5001
SMTP Mail Service 25
SQL Database Management 1433
SSH Secure Remote Management 22
T120 Conferencing Service 1503
Telnet Remote Management 23
VNC Remote Management 5500, 5800, 5801, 5900, 5901
Gmail Mail Service In 995,Out 465
Windows Messaging Windows Messaging 1024 thru 1030
Windows Service Windows Service 135 thru 139,445,1434
XBox Gaming Console 53 TCP/ UDP, 88 UDP, 3074 TCP/ UDP
Yahoo Messenger with Client Directory Chat Service 500 thru 5010, 5050, 5100, 6600 thru 6699
**All Other Ports Open or Close all IP ports not defined in the firewall table. All Undefined Ports

So. My options seem to be: 1) I can turn off ** port filtering and watch my router utilization increase and ignore the router excessive ram used messages that viruses are present on the network. My NAT will immediately fill up with probably 30 open ports to the remote servers. 2) buy a second router that has the capability to filter specific port numbers, such as 10001. I suppose the wireless cameras and BI web server could then be (for a better term) DMZed away from all other LAN/wireless traffic.

Any ideas on a router that has these port filtering capabilities? I have been searching but not much is detailed in the technical specs.

I would think Foscam would be a bit concerned with all of the network overhead this must be causing if lets say a business is monitoring 30 cameras. :x

Thanks.
drooler
 
Posts: 44
Joined: Tue Dec 08, 2015 9:55 am

PreviousNext

Return to Technical Support

Who is online

Users browsing this forum: Google [Bot] and 1 guest