Author Topic: Does the DCS-1130 phone home??  (Read 7753 times)

321-argh

Does the DCS-1130 phone home??
« on: February 01, 2013, 12:53:06 PM »

You betcha!

If your DCS-1130 is plugged into an ethernet switch, you might notice that the Link (activity) light is flashing all the time.  Or if it's connected over WiFi, you might see the WiFi activity light on your router flashing a lot.  "Why is that?", you might ask.

While troubleshooting another network problem, I observed a lot of network traffic coming from my 1130.  Using Wireshark, I captured packet traces to figure out what's going on.

0) First off, the 1130 sends out a broadcast SSD (Service Discovery) request to the local LAN every few minutes, looking for the local gateway router.  My router then responds "I'm here, my IP address is so-and-so, and I support UPnP".  UPnP is a dangerous protocol used by routers to permit client devices to reconfigure the router in real-time.

1) The 1130 then constantly floods my router with UPnP requests. These are requests for the router to set up port forwarding, so that external connections from the internet can be forwarded to port 80 on the 1130.  The 1130 is asking for a variety of external ports to be opened -- I observed 8080, 55092, 22082.  My router supports UPnP, and other devices on my LAN have successfully negotiated ports to be forwarded on it. However, my router returns an error message to the 1130 "Conflict in Mapping Entry" after every UPnP request.  It appears that the 1130 is sending a malformed UPnP request that is rejected by my router.  As a result, no UPnP ports get configured.

Note that these UPnP messages are being sent by the 1130 even though it appears (on the 1130 Setup/Network configuration page) that UPnP is not enabled.  And it never gives up - like the Energizer buddy, it keeps trying and trying and trying...  And my router keeps telling it GoAway, GoAway, GoAway...

2) The 1130 frequently requests time updates from Network Time Protocol (NTP) servers. Very frequently.  Every 20 or 30 seconds or so. The time server returns a packet containing accurate network time to the 1130, so that its internal clock will be accurate. There is no reason that it should be requesting the time that often. In fact, many NTP servers will reject requests from clients that are requesting time updates too often.

3) The 1130 phones home. A lot. It makes connections to servers at these URLs, which are served by the indicated IP addresses (and perhaps others):
- prov.mydlink.com: 54.248.73.41, 54.248.73.42, 50.18.252.33, 54.251.43.80, 50.18.252.26
- prov.us.mydlink.com: 50.18.176.177, 50.18.48.68, 50.18.177.164

The messages sent to prov.mydlink.com include a login string containing username of "mydlink" and password of "0266000123".   Sometimes the mydlink server responds INVALID REQUEST.  Other times, it responds OK, with a packet that contains a number of pieces of information, including the address of a SYSLOG server (see below), version number of the 1130 firmware, etc.

The messages sent to prov.us.mydlink.com include a login string where the username is the unique myDlinkID that is printed on the back of my camera. Same password as above.  The myDlink server often responds INVALID REQUEST, but sometimes responds REGISTERED. Presumably, this login registers the camera with the myDlink portal.  Subsequently, the owner can login to the portal and allocate the camera to his account, using the myDlinkID to identify the particular camera.  Then the owner can view the camera through the portal.

4) Every minute or so, the 1130 sends a packet of SYSLOG information to the server whose address it received earlier. The packet is a bunch of binary data - contents unknown. That's spooky. Some might say downright unacceptable.

I don't use the myDlink portal, and I have no desire for it to be phoning home all the time. Nor sending SYSLOG packets off to the hinterland. So I configured my router to block outgoing connections from the 1130 to the Dlink servers.  This makes the 1130 really mad. The activity light on my ethernet switch goes wild.  Since it can't get through to prov.mydlink.com nor prov.us.mydlink.com, it now starts trying to connect to other Dlink servers: prov.dlinklife.net, prov.rd.dlinklife.net, and prov.rd.dlinklife.com.  When it can't get through, it keeps trying and trying, seemingly desperate to make contact with home base.

NB - if, like me, you don't use the myDlink portal, be aware that your camera has registered itself with the mydlink server anyways. That means that a random internet citizen could register on the portal, and then go prospecting for cameras, entering random myDlinkID numbers until he discovers a camera that has not been assigned to its legitimate owner.  Presto, a total stranger has access to your camera through the portal, and you have no clue. So be sure you change the default admin password to something really strong. Likewise, make sure any user accounts you create on the camera have strong passwords to keep internet voyeurs from breaking in.

There doesn't seem to be a way to disable the 'phone home' behavior of the DCS-1130. If anyone knows a way, please speak up.
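Added example, not part of the original post: a small Python audit that checks a device's traffic summary for the four behaviours described above (UPnP port-mapping requests, lookups of the provisioning hostnames named in the post, over-frequent NTP polling, and syslog sent off the LAN). The record format, LAN range, device addresses and the 64-second NTP threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from statistics import median

# Hostnames the post reports the camera contacting.
PROV_HOSTS = {"prov.mydlink.com", "prov.us.mydlink.com", "prov.dlinklife.net",
              "prov.rd.dlinklife.net", "prov.rd.dlinklife.com"}
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: home LAN range
NTP_MIN_GAP = 64  # assumption: alert if median poll gap is below this (seconds)

# Constructed sample records: (time_s, src, dst, proto, detail)
SAMPLE = [
    (0, "192.168.1.50", "192.168.1.1", "upnp", "AddPortMapping ext=8080"),
    (5, "192.168.1.50", "192.168.1.1", "dns", "prov.mydlink.com"),
    (10, "192.168.1.50", "203.0.113.10", "ntp", ""),
    (20, "192.168.1.50", "192.168.1.1", "upnp", "AddPortMapping ext=55092"),
    (30, "192.168.1.50", "192.168.1.1", "dns", "prov.us.mydlink.com"),
    (35, "192.168.1.50", "203.0.113.10", "ntp", ""),
    (40, "192.168.1.50", "192.168.1.1", "upnp", "AddPortMapping ext=22082"),
    (60, "192.168.1.50", "203.0.113.10", "ntp", ""),
    (70, "192.168.1.50", "198.51.100.7", "syslog", ""),
    (85, "192.168.1.50", "203.0.113.10", "ntp", ""),
    (0, "192.168.1.20", "203.0.113.10", "ntp", ""),
    (9, "192.168.1.20", "192.168.1.1", "dns", "example.org"),
    (1024, "192.168.1.20", "203.0.113.10", "ntp", ""),
]

def audit(records, device):
    """Summarise the behaviours described in the post for one LAN device."""
    mine = [r for r in records if r[1] == device]
    ntp = sorted(t for t, _, _, proto, _ in mine if proto == "ntp")
    gaps = [b - a for a, b in zip(ntp, ntp[1:])]
    gap = median(gaps) if gaps else None
    return {
        "upnp_ports": sorted({int(d.split("ext=")[1]) for *_, proto, d in mine
                              if proto == "upnp" and "AddPortMapping ext=" in d}),
        "prov_lookups": sorted({d for *_, proto, d in mine
                                if proto == "dns" and d.lower().rstrip(".") in PROV_HOSTS}),
        "ntp_median_gap": gap,
        "ntp_too_frequent": gap is not None and gap < NTP_MIN_GAP,
        "external_syslog": sorted({dst for _, _, dst, proto, _ in mine
                                   if proto == "syslog"
                                   and ipaddress.ip_address(dst) not in LAN}),
    }

if __name__ == "__main__":
    for host in ("192.168.1.50", "192.168.1.20"):
        print(host, audit(SAMPLE, host))
```
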