Intro - DDOS Protection
By default, Port Digger protects the DVR and handle hacking attempts impossible to break-in to its utterly isolated network, also means it is much safer than regular Port Forwarding from the existing LAN Routers which could be possible result in "whole" LAN devices could be hacked. (ie. Through UPnP enabled devices or by abusing security flaws of the end-users budget routers)
Also, Most of Firewalls are vulnerable to DDOS attack, which will make the DVR become malfunction entirely for 15 minutes at the minimum, then DVR gets "empty" recorded time strips in the search menu, meaning 'nothing has been recorded' during the attack. Did they just hack the DVR? No, they merely attacked the Port Forwarded DVR before the crime starts and make the DVR "freeze" state because of maximum CPU load induced by DVR network port. For your information, Many sites offer DDOS attack service starting as low as $5. They don't cut the wires anymore.
If you had Port Digger until now, then you never had this kind of issue, because Port Digger protected more than hundreds DDOS attacks and still counting since 2016 July. Which means their next criminal plans after DDOS would never proceed because the DVR was still operating and recording. This feature included in all Port Digger models.
What is Netfilter Framework
We have added Advanced Netfilter Framework (ANF). Netfilter is more than any of the firewall subsystems. Netfilter provides an abstract, generalized framework of which one particular incarnation is the packet filtering subsystem. So don't expect talk about "how to set up a firewall or a masquerading gateway." That would only cover a part of Netfilter.
We built this custom Netfilter Framework designed for the DVRs. And it is based on the data that Port Digger had collected during two years which contains all kinds of Brute Forces, Netcat commands, Syn attacks and more that has saved in the log of the Port Digger devices. We have done a lot of blocking patterns and possibilities onto ANF, including one of the pattern rules below. (We won't share all the trends for everyone's security)
- Only USA/Mexico/Canada IPs can access the DVR.
From our research based on real data that is from each Port Digger's defense log, in all over the nationwide, DVR hacking attempts are mostly made from foreign continental IPs especially China/HK to the EU using Servers in data centers. (If you need another country to access, please let us know)
- It does more than just closing the "ports" it detects the data in the ports and blocks it.
in an example,
The Standard module, we include the chain of FIN, SYN, RST, PSH, ACK, URG and all the possible packets towards to the DVR.
The Pro module does our custom deep packet inspection such as Telnet and Netcat headers and more.
That is one of the hundreds of rules & chains of ANF we built, and you will feel the forces with it.
As you verified the strength of the Port Digger, momentarily we are arranging the reverse route this time to focus on security.
Because we already comprehend how terrible prevailing cybercrime is.