Camera traffic flooding with IP addresses
Hi all, I've got a question about a Reolink camera. For context, let's pretend that the MAC of this camera is ec:71:db:85:ec:81. A Sophos firewall is handling DHCP (and VLANs), and Unifi switches. The camera passes through 2 PTP links, and the switch port they are connected to is on a VLAN, but untagged. We can treat this like a flat network. The Unifi controller at one point showed over 70 devices with no IPs, slightly different MACs, and they are all connected to the same PTP link / switch port. I was able to narrow it down to the specific camera and enable port security on PTP SM to only allow 1 MAC on LAN. This appears to have "fixed" my problem, but I still feel like it's not right. Why would one device be spamming 70+ MAC addresses? None of them show up in the DHCP server. Thoughts? I've added a picture of some of the random MACs.
Probably trying to bypass security by obtaining another DHCP address to connect to the phone network, assuming cameras are isolated in a different VLAN or your firewall restricts internet access. You’d have to replicate the port and analyze traffic with tools like Wireshark to understand the activity.
It seems like you were considering a solution. Most devices operate in their own VLAN. Resetting the camera should address the hack, but the problem returned.
Finally, another person facing this problem! I'm in the same situation. A bit more details about what's happening: It's just one camera out of four. It uses a specific MAC address for around five minutes. Connected via a wired setup to a UniFi USW-Flex-Mini, powered by a Reolink adapter. Also part of a VLAN with no internet access—will need to check port security and understand its functionality.
I identified the problem. I checked the camera and the ethernet connection between the PTP and its injector—it had worn through a box. I swapped out the cable, and everything worked again.
Updated July 4, 2023 by TubsAlwaysWins
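A triage sketch for the symptom described in this thread, added here as an example and not posted by any participant: it groups MAC-table observations by switch port and separates near-copies of the known camera MAC (a few bits different, which points toward a link or cabling fault) from unrelated MACs (which warrant a port mirror and packet capture). The 4-bit threshold, the port names and the sample observations are assumptions constructed for illustration.

```python
from collections import defaultdict

KNOWN_MAC = "ec:71:db:85:ec:81"  # the camera MAC given in the first post
MAX_BIT_DIFF = 4                 # assumed threshold for "slightly different"
MAX_MACS_PER_PORT = 1            # same limit as the 1-MAC port-security setting

def mac_to_int(mac):
    return int(mac.replace(":", "").replace("-", ""), 16)

def bit_distance(a, b):
    """Number of differing bits between two MAC addresses."""
    return bin(mac_to_int(a) ^ mac_to_int(b)).count("1")

def triage(observations, known_mac=KNOWN_MAC):
    """observations: iterable of (port, mac). Returns a report per port over the limit."""
    by_port = defaultdict(set)
    for port, mac in observations:
        by_port[port].add(mac.lower())
    reports = {}
    for port, macs in by_port.items():
        if len(macs) <= MAX_MACS_PER_PORT:
            continue
        extra = macs - {known_mac}
        near = sorted(m for m in extra if bit_distance(m, known_mac) <= MAX_BIT_DIFF)
        far = sorted(extra - set(near))
        # Only near-copies: look at the physical layer first. Anything else: capture.
        verdict = "check cabling/link" if near and not far else "capture and inspect"
        reports[port] = {"distinct": len(macs), "near_copies": near,
                         "unrelated": far, "verdict": verdict}
    return reports

# Constructed sample observations (not taken from the thread's screenshot).
SAMPLE = [
    ("port5", "ec:71:db:85:ec:81"),
    ("port5", "ec:71:db:85:ec:83"),  # 1 bit off the known MAC
    ("port5", "ec:71:db:95:ec:81"),  # 1 bit off
    ("port5", "ec:71:d9:85:ec:c1"),  # 2 bits off
    ("port7", "00:11:22:33:44:55"),  # single MAC, within the limit
    ("port8", "ec:71:db:85:ec:81"),
    ("port8", "3a:9f:10:c4:7e:02"),  # unrelated address
]

if __name__ == "__main__":
    for port, r in sorted(triage(SAMPLE).items()):
        print(port, r["distinct"], r["verdict"], r["near_copies"], r["unrelated"])
```

The verdict is a triage hint only; it ranks what to check first and does not replace a capture on a mirrored port.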