How can I stop cameras from making so manyt DNS requests
I have security concerns over the use of the C100 and C200 Security Cameras.
In any 24 hour period a single camera makes around 22,750 DNS requests to one of five addresses.
The requests are split as:
euw1-relay-dcipc.i.tplinknbu.com 14071
n-device-api.tplinkcloud.com 1239
n-devs-dcipc.tplinkcloud.com 1029
n-deventry-dcipc.tplinkcloud.com 620
Each camera records to a microSD, is not connected to the app, and is kept separated from my main network. I access it (if I need to, which is not often) via a privately set up VPN directly to the devices MAC/IP address.
Is there a way to stop each camera from making so many requests (other than simply blocking them via a pi-hole)?
Also, what is the need for each camera to make so many requests out of my network? I do not believe it is simply to check for software updates as all camera work fine with no updates what so ever.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
I just got home after spending Christmas with family. During this time there has been little to no activity on my network, apart from the TWO AND A QUARTER MILLION requests made by the Tapo cameras over five days :D
This is absolutely ridiculous.
During the same time, the entirety of my network (not counting the cameras) produced about 25 000 rows in my firewall logs :)
- Copy Link
- Report Inappropriate Content
After a few days without issues my cam started to ping tplinknbu.com again every 6 seconds. So it's not fixed. I hope everyone uses the Feedback option in the app to tell them to fix it!
I already got an answer from support. He said "since the camera needs to get a relay from the cloud server it's normal to send a request to that domain". But the camera never did this before and I am not using any cloud servers so this is BS of course.
- Copy Link
- Report Inappropriate Content
It looks like the domain being requested changes based on some unknown basis with the format:
euw1-relay-i-xxxxxxxxxxxxxxxxx.dcipc.i.tplinknbu.com
One of my cameras is requesting a domain
euw1-relay-i-012b864713b9c51ba.dcipc.i.tplinknbu.com
which does not exist, so it repeats the DNS query every 6 seconds
.
Another camera requests a similar domain which does exist, so just makes the query once every 15 mins
Rebooting the camera can force it to request a new domain, but that doesn't always work.
- Copy Link
- Report Inappropriate Content
@Tescophil I know, it's got worse since I first registered the issue.
In the last 24 hours my cameras have made 69,782 requests to four different websites!
The app now states only local control can be made to the cameras and suggests to change this I:
- Make sure your router has internet access
Me: of course it does, how else could I be connecting the camera's to the app!?!)
- Unplug your Tapo device and plug it back into the power outlet
Me: all devices have been uninstalled, then reinstalled using fresh instance of app, no difference)
- Try changing the DNS server to 8.8.8.8 on your router. If you don't know how to do this, please contact your router's customer support
Me: now why do they need access to Google's DNS over any other provider? I use a combination of OpenDNS, Level3, Comodo, DNSWatch, and Cloudflare... now what can Google do that five other DNS Servers not do?
On top of which the app no longer records footage, so I can no longer record footage direct to my phone... unless I sign up for their cloud services, pay a monthly fee and let them have access to all my footage, then I can get back the functionality of the devices that I had when I first bought them.
Has anyone hacked these camera's yet? I think a trip to github etc is in order... if I find anything out I will update this thread.
- Copy Link
- Report Inappropriate Content
@KalleKat I run pi-hole on my Raspberry Pi 4B. It's a light weight DNS blocker but very revealing about your internet traffic.
Basically, every time a device makes a request to the internet it sends a request to a DNS server (ie Google, DNSWatch, OpenDNS, Cloudflare etc) asking for a sites IP address. The pi-hole sits in between my router and my devices, and when a device asks for a specified address that I have blocked (known as blacklisting) rather than the request being sent on to the DNS server, my pi-hole replies to the device saying "sorry, no idea, that address does not exist". Oddly, my cameras still record footage and I can access the footage from my android phone but I some features are blocked from me*.
If I turn my camera's off, my pi-hole blocks around 0.5% of DNS requests made from all my other IOT devices including all my online browsing (which strangely accounts for a very tiny amount of DNS requests made). When my cameras are connected and turned on, my pi-hole blocks roughly 20% of DNS requests made which, is roughly 70,000 requests which is crazy when you think about it... currently I have 11 devices connected to the internet, between those 11 devices in the last 24 hours alone they have made 405,500 requests to my chosen DNS servers , of which 74,500 have been blocked- and rising.
However, my three tp-link cameras have nothing on the power saving sockets I have installed to monitor the amount of electricity I use and make some dumb devices smart ones. I have a smart life socket that has made 83,700 requests alone- the same number as all my cameras put together (but that is an issue I am trying to raise with tuya who are a different company to tp-link).
*One feature tp-link have tried to block me from having is the ability to control my cameras from outside my home. There is a nice banner across every page saying I can only access the data via my local network... but they are wrong, I run my own virtual private network so even when I am the other side of town I can link into my home network and my tp-link devices can't tell the difference (it sounds complicated but it is stupidly easy... look up tailscale or zerotier, I prefer zerotier but tailscale is a lot easier to set up).
- Copy Link
- Report Inappropriate Content
This is f*ing ridiculous.
- Copy Link
- Report Inappropriate Content
It stops from time to time. Nothing since yesterday 8:13 p.m.
- Copy Link
- Report Inappropriate Content
There is obviously some algorithm/list from which a relay URL is generated/chosen, and this is clearly broken.
I have 2 cameras, one requests
euw1-relay-i-02bc0f77715ab6cbd.dcipc.i.tplinknbu.com
which exists, whilst the other requests
euw1-relay-i-012b864713b9c51ba.dcipc.i.tplinknbu.com
which does not
So, in my DNS server I rewrite the invalid domain with the valid one. (I use AdGuard Home)
Bit of a dirty fix, but it does the job.
- Copy Link
- Report Inappropriate Content
@Tescophil Interesting, but does this stop the camera from requesting the domain every few seconds?
- Copy Link
- Report Inappropriate Content
Are TP-Link developers really aware of this, or are they just ignoring this?
- Copy Link
- Report Inappropriate Content
Information
Helpful: 6
Views: 12680
Replies: 72