- NAS: DS 718+, 2x-DS 720+
- Router: RT2600ac
- Operating system: Windows
- Mobile operating system: iOS
A few years back, after learning that my HikVision cameras were being 'obsoleted', even though they still looked and ran fine! They would never get another security or firmware upgrade (Learned this in the midst of the HikVision Security Issue... This simplified the workload on firmware writers - apparently!)
Seeing that I only accessed cameras via Surveillance Station, I started in to isolate the cameras from the web..
When I started adding 4K cameras, that worked, but with no firmware updates that I could find...This became even more important... I had heard of cameras: "Phoning Home", and other weird things.... I didn't want ANY OF that...
I first experimented with, and am still using, a BOGUS GATEWAY with no access to the internet. First just entering an IP that didn't exist... This worked, but flooded the LAN with Messages.... The moment that was added the large amount of "WHERE IS? BOGUS GATEWAY IP" messages sent by each camera to all other devices on the LAN.
This was reduced to none... by taking an old router and giving it that IP, connecting its LAN to my LAN, but then never connecting the WAN anywhere.... That ceased all WHEREIS messages....
But wondered: Would anything be smart enough to find the real Gateway? So I decided to do one more layer.... in 2600 Firewall (Real Gateway!) I added 4 rules... Placing them at top of list, in area I refer to as: Should Never Get 'Hits'!
1 deny for incoming TCP/UDP to Cam IP Range..
1 deny for outgoing TCP/UDP from Cam IP Range..
1 deny for incoming ICMP to Cam IP Range...
1 deny for outgoing ICMP from Cam IP Range...
Synology Router's Firewall can support 127 rules.... adding 4 didn't slow anything down.. on 2600.
Many years later.... No HITS on the 4 rules that I've ever seen! LAN is quiet regarding WHERE IS messages.... No issues with any cameras....
May not be elegant.... But it seems to be working!
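A way to check the setup described above from a packet capture, as an added example that is not part of the original post: it reads `tcpdump -n` text output, counts lookups for the bogus gateway per camera (assuming the "WHERE IS" messages are ARP who-has requests), and lists any flow between the camera range and an off-LAN address. The addresses, the `audit` function and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed addressing, not from the post: adjust to your own LAN.
LAN = ipaddress.ip_network("192.168.1.0/24")
CAM_RANGE = ipaddress.ip_network("192.168.1.96/28")  # cameras: .96-.111
BOGUS_GW = ipaddress.ip_address("192.168.1.254")     # gateway set on the cameras

ARP_RE = re.compile(r"ARP, Request who-has ([\d.]+)(?: \([^)]*\))? tell ([\d.]+),")
IP_RE = re.compile(r" IP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")

def audit(lines):
    """Return (ARP lookups for the bogus gateway per camera, camera<->off-LAN flows)."""
    arp_for_gw, off_lan = Counter(), []
    for line in lines:
        m = ARP_RE.search(line)
        if m:
            target, sender = map(ipaddress.ip_address, m.groups())
            if target == BOGUS_GW and sender in CAM_RANGE:
                arp_for_gw[str(sender)] += 1
            continue
        m = IP_RE.search(line)
        if not m:
            continue
        src, dst = map(ipaddress.ip_address, m.groups())
        # Multicast and limited broadcast never leave the LAN; skip them.
        if dst.is_multicast or str(dst) == "255.255.255.255":
            continue
        if (src in CAM_RANGE and dst not in LAN) or (dst in CAM_RANGE and src not in LAN):
            off_lan.append((str(src), str(dst)))
    return arp_for_gw, off_lan

# Constructed sample of `tcpdump -n` output (not a real capture).
SAMPLE = [
    "12:00:01.000000 ARP, Request who-has 192.168.1.254 tell 192.168.1.101, length 46",
    "12:00:02.000000 ARP, Request who-has 192.168.1.254 tell 192.168.1.101, length 46",
    "12:00:03.000000 ARP, Request who-has 192.168.1.254 tell 192.168.1.102, length 46",
    "12:00:04.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.50, length 46",
    "12:00:05.000000 IP 192.168.1.101.554 > 192.168.1.10.40000: Flags [P.], length 1400",
    "12:00:06.000000 IP 192.168.1.102.40000 > 203.0.113.7.443: Flags [S], length 0",
    "12:00:07.000000 IP 192.168.1.103 > 198.51.100.9: ICMP echo request, id 1, seq 1, length 64",
    "12:00:08.000000 IP 192.168.1.101.1900 > 239.255.255.250.1900: UDP, length 120",
]

if __name__ == "__main__":
    arp, flows = audit(SAMPLE)
    print("ARP lookups for bogus gateway:", dict(arp))
    print("Camera <-> off-LAN flows:", flows)
```

With the old router answering on the bogus gateway address and the four deny rules in place, a capture taken on the real gateway's WAN side should produce an empty flow list.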