Re: DVR?
I have some DVRs (one Tivo, two Humax) which record locally but as far as I can tell are not visible (at least to Shields Up) to the Internet.
Be very careful with that assumption. You're probably okay with your Tivo and Humax DVRs but most of these cheap CCTV DVR/NVR/IPCs, which is what we're discussing here as it was these which were targeted by Mirai, have a "cloud" feature built into the binary that processes the stream(s). Even if you disable the thing in the config, it'll still ping out to let the mothership know it's alive¹, which is why I said one of the mitigations was to block outgoing packets on MAC. Anything that can tunnel out through NAT/uPnP/firewall can tunnel back in again. ShieldsUp! won't detect stateful connections, only blatantly open ports.
¹Yes, I did verify this on the Hi3518E based cameras and a cheap, shonky Owsoo NVR, watching the resolver logs and sniffing the packets as they hit the brick wall of my router. Since most of this bilge is based on HiSilicon chippery, a safe course would be to err on the side of caution.