Wyze Cam V2 attempting UDP 10001 connections to Chinese IP

I believe this this the heartbeat to connect to servers of our connections service. We will check with our service provider and get back on this. Thanks!

2 Likes

We will check with our service provider and get back on this. Thanks!

It’s been 29 days. Is there any updates on this? Thanks

I’m seeing Cam Pan (ver 4.10.3.60) with sensor bridge (ver 0.0.0.30) attempting to connect to 210.61.216.106 (Taiwan) and 120.24.153.33 (China).

That’s weird as I also track all connectivity attempts from/to any devices in my networks and I’ve only seen wyze connect to domestic/us aws nodes with an occasional hit to ones in Canada. The only other anomaly was actually today when one of the cams attempted to access an isp connection point in Miami which did not come back as aws so I blocked it when I got the alert. I’ve never had any of the 4 wyze cams I’m running try to connect to China (but every single one of my 24 dahau and hikvision ip cams immediately try multiple ports at multiple ip’s all in China as soon as they power up) :thinking:

I ran my camera on a separate wireless network which is connected through a PC with two NICs and logged the connections from the camera for a short period of time. The following are all the servers that it connected to.

DestinationAddress DestinationPort Connections WhoisOrganization
129.6.15.29 123 4 National Institute of Standards and Technology (NIST)
52.218.209.137 443 6 Amazon Technologies Inc. (AT-88-Z)
34.208.107.136 8443 6 Amazon Technologies Inc. (AT-88-Z)
34.211.38.141 8443 2 Amazon Technologies Inc. (AT-88-Z)
52.25.151.84 8443 4 Amazon Technologies Inc. (AT-88-Z)
52.89.157.200 8883 2 Amazon Technologies Inc. (AT-88-Z)
192.99.8.134 10001 4 OVH Hosting, Inc. (HO-2)
207.244.91.206 10001 4 Leaseweb USA, Inc. (LU)
23.82.8.76 10001 4 Nobis Technology Group, LLC (NTGL)
114.67.85.205 10240 4 Beijing Jingdong 360 Degree E-commerce Co., Ltd.
198.16.70.58 10240 4 FDCservers.net (FDCSE)
50.7.98.242 10240 4 FDCservers.net (FDCSE)

I’m running the latest firmware which is 4.9.4.37. The camera is a WYZE Cam v2.

Someone from WYZE, please explain what these servers are. In particular, I would like to know what the Chinese server is being used for, but, also the other non-Amazon servers. What are ports 10001 and 10240 used for?

Note, the Android app connects to the same Chinese server that the camera does.

1 Like

Same issue here! Can you guys please elaborate?

1 Like

Hey byakhee99 - would you mind telling me what you’re using to get that data and graph it? That looks super useful.

@b1c22f43f5f7e1b761a2 It is called Scrutinizer and even the free version is very powerful.
But to feed it with network traffic data you have to have a Netflow capable device on your network, like a router, firewall or Layer 3 switch.

1 Like

I sure wish some info on this was posted by Wyze, Mine were connecting to Russia on 10001, not anymore (Blocked) but I will admit without more info on WHY this may be the last round of Wyze hardware purchases

2 Likes

We used ThroughTek (TUTK) as our P2P connection provider. They are Taiwan based and have servers worldwide including North America, Europe, Asia and China. The IPs above are their server IP worldwide. The network traffic happens during device boot time and in low frequency I assume. This is because the camera needs to initialize itself during boot time + refresh itself with the servers. I am not talking too much detail here to protect their IP. We have integrated their new API to limit camera traffic to US only starting v2 4.9.4.108 version, If you upgrade to the latest version, you will not see oversea traffic. Please let me know if you see extra oversea traffic in 4.9.4.108 or later. Thanks!

1 Like

Russia? Can you post the server IP and your camera firmware version? We will investigate. Thanks!

Can you tell what your camera firmware version is? Thanks!

Second question, can you tell if this is pure camera traffic or camera + phone traffic?

I’ve noticed connection attempts to Russia as well. was happening about a month and a half ago with the latest firmware at the time.

Just earlier this evening, Romania as well. Attached a few pics from my Firewalla logs.

What is up with traffic on port 10001? Nobody from WYZE ever answered this in this thread.

There are more details at:

1 Like

Thanks much! I had blocked the port. Then after reading the thread you linked me to I tested live streaming and it did not work. I unblocked the port and it still didn’t work. I restarted my cameras and now I can live stream again.

For the record, my cameras are on a different WiFi vlan & SSID than my Android device.

limit the port to within your local subnet /network and it addresses the streaming as well as security concerns

Thank you for your suggestion. However, based on my experience, that port needs WAN / internet connectivity or no joy.

Perhaps limit port 10001 to only connect with an IP range e.g. amazonaws.com
TCP:10001 = 'Wyze P2P streaming connection
TCP:10002 = 'Wyze LAN firmware upgrade

Acording to list below 10001 = Local live streaming over WiFi so think @Calia1120 is correct, local
(https://wyzelabs.zendesk.com/hc/en-us/articles/360031479511)

I will have to check my notes, but I recall reading that port 10001 was for local streaming. Will find the source link and add here.