Hello Folks. Literally overnight, my firewall’s typical block of external to internal connections has gone from approx 16K connections blocked to over 1.1MM connections blocked. The only changes made to my environment were the addition of (3) WyzeCam v.3 and (2) WyzeCam Outdoor.
The traffic trying to come IN is from IP addresses that I can see/search on in this forum going back to 2019. LeaseWeb, OVH Hosting, etc…and the block are ephemeral ports tagged as inbound UDP. I’m seeing as well as some new IP’s 38.132.103.114 and 158.69.252.241 outbound on camerars to random ports in the 10000 range, each with 104B.
Curious if anyone has observed this kind of behavior as well with their Wyze products. Thanks for the ‘look’ !
Uuuhhhhh, ok. Anyone with a networking background care to comment on if Wyze Cam’s are trying to create a connection over UDP and that may be what’s being interrupted by the ‘block’ on my firewall?
(2) pings from that IP to my network today to UDP 51445 that were automatically blocked. In essence, these cams are always talking to something. I’ve posted for a couple years on it and for the most part, no big deal. From what I see, when my Wife is off-network and tries to look at the Camera’s, it appears Wyze is trying to directly connect the Wyze App to the cameras so the traffic doesn’t flow thru their data centers. Which makes complete sense. Why pay for all that bandwidth when they don’t need to.
But since my firewall is blocking those ephemeral port connections, I can see thousands of blocks from her mobile ATT IP address trying to get into the firewall directly, and the App ends up routing the traffic via Wyze’s network connections to each Cam. At least, that’s what I’m suspecting is going on. And again, that makes sense.
But every day, the lions share of blocking by my firewall to the WyzeCam’s comes from 3 IP addresses and every 24 hours, the connections are almost precisely at 2158 per IP. Its like 2 connection attempt per minute or thereabouts, per IP address
