Source IP Addresses

Hi Can anyone tell me what the source IP addresses are.

I need to open up ports on our firewall to allow the traffic from the Doorbells to the users to pass through and need to keep the security some what tight.

I have the port numbers and we are using static IP address on the devices but need to know the Source Addresses.

If anyone can tell me it would be a great help.

Thanks

Andrew

Hey @AndrewW. It sounds like you may need to reach out to your internet service provider in order to obtain this bit of information. Otherwise, the only information we have publicly accessible in regards to ports and protocols will be the information found here. If you’re still unable to get the information you’re looking for from your ISP or from that Help Article, please reach out to our support team here to see if they are able to obtain these numbers for you!

Thanks for the response however this has nothing to do with the ISP.

AS a business we need to limit our exposure and when opening ports on firewalls we need to limit the exposure by being a specific as possible.

The source is the Ring.com servers or gateways. as its the sopurce of the information that comes back to the device.

If we dont limit the source then any IP address can use that port to get to the device and then potentially carry out an attack via the device on our network.

So i really need to get the source IP address from ring.com, we do the same with Microsoft for O365 and Dynamics and other vendors.

Thanks

Andrew

@AndrewW After discussing this with my advanced level team, they informed me that source IPs are not information that we have for neighbors, as it all varies depending on your router and network. Although, if you have your network settings set up in a way that you can choose IP addresses to pick from, you should be able to achieve what you’re looking for.

For example, if your router is running 1.1.192.x criteria (IPv4), then you can choose any IP between 1.1.192.2 and 1.1.192.252. From there, you will then assign the Ring device that IP address. The Ring device will be identified in your network by its MAC address/ID, which you would have had to scan when setting up the device. Therefore, once you’ve assigned an IP address of your choice to the Ring’s MAC ID, this will setup what you need to then apply port forwarding and firewall info to the router’s settings. Hope this helps! :slight_smile:

Hi,

This has nothing to do with our router or network. its the source IP addresses, its your ip addresses that the traffic has to return to.

A fundamental way of securing a corporate network is to limit the traffic between source and destination.

That is Source IP address ->Destination IP Address and only open the requiered ports between the 2.

If we open ports to a destination IP address for any internet IP address than a hacker can port scan a network locate a open port and hack the device inside.

We alooking at another way to get around this issue as it appears you can give us a list of IP addresses that we can whitlist as source IP addresses.

I find this surprising as we do this with Microsoft, AWS applications and MDM tools.

Andrew

@AndrewW Thanks for getting back to me! I passed on your followup and this is the information I have gotten back. According to my advanced level of support, there is no source IP for Ring.com because our systems use dynamic IPs and there will different IP’s based on region. If you’re able to create a separate VLan for your IOT devices and DMZ everything onto that VLan, this would allow you to allow open communication of IOT devices on that network while isolating it from your main network.

Provided this is an option in your networking environment this is something we would suggest as an appropriate work around, since we do not have source source IP addresses.

I can second that it would be super useful to have a list of URLs and CIDR blocks that ring needs to work.

It appears to connect to sites and countries I wouldn’t expect, and the requirements change between device models (for example a camera vs a doorbell).

I’ve spent about 2 years trying to get ring to work through a firewall without having my cameras and microphones totally unprotected. It has not been a good experience. They work for a while, then drop off etc.

1 Like

I am looking for the IP address also to be able to connect my Ring to WIFI. My internet provider is saying I need to get the IP Address from Ring. Is there a resolution? If not, how then is Ring any better than another system? Does it just come down to monitoring?

Hi, Andrew, seen as the ring staff do not understand your question I will answer it for you, they host their services within AWS.

If you have an application layer capable firewall which supports predefined groups you could add in a group for AWS, or see if there is a predefined application for ‘ring’ which might cover the IP ranges and ports for you.

Otherwise, you could use this link here to try using a JSON file to grab the AWS IP ranges and add them to your allowed list.

https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html

https://ip-ranges.amazonaws.com/ip-ranges.json

Just bare in mind allot of their applications such as port 9998 is SSL over port 9998 which can catch you out.

https://ip-ranges.amazonaws.com/ip-ranges.json