- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My device uploaded to wowzachild.netgear.com is this normal? I have not seen the before
Solved! Go to Solution.
- Related Labels:
-
Troubleshooting
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I received the following from Arlo support...
As per Security and FW team, "The devices are in actuality NOT connecting to wowzachild.netgear.com. The router is reporting this due to the certificate on our streaming servers."
Our team are currently working on it to make sure it will display the correct certificate from your end"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@marademha wrote:
My device uploaded to wowzachild.netgear.com is this normal? I have not seen the before
What device?
That site doesn't exist.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have 2 Arlo pro 4s
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@marademha wrote:
I have 2 Arlo pro 4s
And what exactly was uploaded?
If you use a DNS lookup tool, you will find that wowzachild.netgear.com doesn't exist. So it is not possible to upload anything to it. There is a wowzachild.arlo.com. Not sure exactly how that is used, but it appears to be something to do with docusign.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My firewall says both cameras uploaded around 1mb of data on 2 occasions. This has only happened in the last few days. The typical upload locations of the camera are whitelisted
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Looking further they have uploaded up to over 200mb in the last 24 hours
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Listed here ;
https://www.shodan.io/host/52.50.127.92
as in an SSL certificate;
SSL Certificate
Certificate: Data: Version: 1 (0x0) Serial Number: 1 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=California, L=San Jose, O=Netgear, Inc., OU=IT, CN=wowza.netgear.com Validity Not Before: Aug 12 22:36:30 2016 GMT Not After : Aug 6 22:36:30 2041 GMT Subject: C=US, ST=California, L=San Jose, O=Netgear, OU=IT, CN=wowzachild.netgear.com
The IP listed in his window comes back to Amazon services
Morse is faster than texting!
--------------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@marademha wrote:
My firewall says both cameras uploaded around 1mb of data on 2 occasions. This has only happened in the last few days. The typical upload locations of the camera are whitelisted
No idea where the firewall got that domain name, since the three DNS lookup tools I tried said all there is no such host. The DNS entry for wowzachild.arlo.com isn't tied to an IP address, it appears to be a docusign ID of some kind. You can check all this yourself if you like.
The 54.245.252.251 IP address is assigned to an Amazon AWS server. I tried doing a reverse IP lookup with that address and just got the expected ec2-54-245-252-251.us-west-2.compute.amazonaws.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is the history, I recognise my devices connecting to these other servers as legitimate.
I understand your information above.
So why would the devices be doing this?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If I block the domain with my firewall the Arlo cameras stop working.
How do I get Arlo to confirm these are legitimate requests.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@marademha wrote:
If I block the domain with my firewall the Arlo cameras stop working.
How do I get Arlo to confirm these are legitimate requests.
Contact Arlo support. This is bizarre since the hostname doesn't exist in DNS. The old SSL cert you found goes back to the time when Arlo was part of Netgear. But that hasn't been the case since 2018.
I don't think tier 1 support will be able to help, you'll probably need to get it escalated to tier 3.
I'm tagging the mods - @JamesC , @ShayneS , @BrookeN - to call their attention to your question.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am looking into this. I will update you as soon as possible.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you please get your Pro 4 back online so we can download the device logs?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How do I provide you the logs?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sorry also , do you require my firewall stilling blocking or not
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The logs would be on the server, not your camera. I would expect that the firewall should not be blocking so the system is working normally.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok, I have connected them back online. Sorry for delay
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did this ever get figured out as I’m having the same issue with the same firewall. Suddenly a week ago (give or take some days) I’m getting a slew of alarms which typically would be due to the destination of traffic having suddenly changed. Has Arlo made any major changes recently? Perhaps running out of an alternative location for DR testing?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Seriously00021 wrote:
Has Arlo made any major changes recently? Perhaps running out of an alternative location for DR testing?
They haven't announced any.
In @marademha's case it is still connecting to an AWS server, and my guess is that is an Arlo server. The puzzle is where the wowzachild.netgear.com domain name is coming from.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I received the following from Arlo support...
As per Security and FW team, "The devices are in actuality NOT connecting to wowzachild.netgear.com. The router is reporting this due to the certificate on our streaming servers."
Our team are currently working on it to make sure it will display the correct certificate from your end"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It’s a certificate, I think that was the signing domain possibly. If our devices are suddenly using the wrong certificate we would need to disconnect immediately.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good stuff, false alert then. Thanks!!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
These alerts are still flooding in and the IPs the base station is connecting to keep changing. Many of the IPs it’s talking to don’t even have 90 days of history being online. Is Arlo certain that base stations haven’t been compromised somehow? If it’s normal for Arlo to spin up servers and down them frequently to constantly have new IPs then it’s probably still the bizarre cert that’s setting off the alarm bells. It’s a bit creepy thinking the base station might be calling the wrong location and I’m tempted to block it until this is resolved or someone can say for sure that (one example of many) 44.238.119.216 should be something my base station or other device should be communicating with. I also have Arlo security.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Seriously00021 are you seeing that same domain? What is the behavior you are seeing can you tell me more details please.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I’m not seeing domains now just IP addresses which is weird by itself but those IPs are saying they haven’t been seen on the internet for at least 90 days which is causing the security appliance to trigger warnings. The only time we can see the domain is if shodan has scanned the IP/domain the device is talking to and gotten back a certificate but these new IPs aren’t returning anything. I could probably give a list if 10 different IP addresses my base station and door bell (not linked to the station) they haven’t been seen before. This appliance has a heuristics engine which creates a traffic baseline for all devices behind it and around the time the OP compliant came in I got hit with it too. Since then it’s become a daily event where I get an “abnormal connection” event. If these IPs would resolve to a domain name it probably wouldn’t be an issue. It’s rare to see hardcoded IP addresses in modern code which raises more red flags but Arlo has always shown up like that when throwing one of these alerts so I assume it’s normal for the product.
-
Accessories
4 -
Activity Zones
1 -
Amazon Alexa
1 -
Apple HomeKit
2 -
Apple TV App
9 -
Applications mobile et en ligne
1 -
Apps
4 -
Arlo Go
3 -
Arlo Mobile App
559 -
Arlo Pro
36 -
Arlo Pro 2
1 -
Arlo Q (Plus)
3 -
Arlo Smart
147 -
Arlo Web and Mobile Apps
18 -
Arlo Wire-Free
30 -
base station
1 -
Batteries
529 -
Before You Buy
778 -
Can't view cameras live at all
1 -
Dépannage
1 -
Détection de mouvements
1 -
Features
918 -
Fehlerbehebung
1 -
Firmware Release Notes
93 -
Google Assistant
1 -
Hardware
1 -
home security
1 -
IFTTT (If This Then That)
105 -
Installation
1,999 -
Iphone 14 pro
1 -
Live view
1 -
Modes and Rules
1 -
Motion Detection
2 -
Object Recognition
3 -
Online and Mobile Apps
983 -
Online und mobile Apps
1 -
Order Not Going Through... help please!
1 -
Other Discussions
1 -
Partner Integrations
4 -
Security
1 -
Service and Storage
14 -
Smart Subscription
3 -
SmartThings
71 -
Troubleshooting
8,775 -
Videos
233 -
Vidéo
2 -
Warranty & Contracts
2
- « Previous
- Next »