Lately I see dozens and dozens of customers with a hacked DVR / NVR because they insist on leaving a port open to reach it from outside,
instead of using the cloud or a VPN first...
(All used as an attack vector for RDP protocols)
It will be yet another NVR in the hands of hackers.
add action=accept chain=forward comment="NVR NTP" dst-address=0.0.0.0 dst-port=123 protocol=udp src-address-list=NVR-set
>>> dst-address must not exist or not work as expected (permit everywhere the NTP)
add action=drop chain=forward comment="defconf: drop all else" connection-nat-state="" connection-state="" in-interface-list=all
>>> connection-nat-state and connection-state must not be present or not work as expected
instead of using the cloud or a VPN first...
(All used as an attack vector for RDP protocols)
It will be yet another NVR in the hands of hackers.
add action=accept chain=forward comment="NVR NTP" dst-address=0.0.0.0 dst-port=123 protocol=udp src-address-list=NVR-set
>>> dst-address must not exist or not work as expected (permit everywhere the NTP)
add action=drop chain=forward comment="defconf: drop all else" connection-nat-state="" connection-state="" in-interface-list=all
>>> connection-nat-state and connection-state must not be present or not work as expected
Statistics: Posted by rextended — Fri Feb 28, 2025 12:50 pm