3CX v12 Security - Blacklist/Whitelist

Discussion in '3CX Phone System - General' started by west3, Nov 28, 2014.

Thread Status:
Not open for further replies.
  1. west3

    Hi,

    Is there a way to whitelist my 2 x VOIP Provider IP addresses and blacklist everything else?
    I have no external extensions (just LAN based).
    I have seen the 3CX doco on blacklist/whitelist.

    Also - Is order of rules important?
     
  2. leejor

    It sounds like a job for a router/firewall. If you did come up with something that blocked all, and other than 255 blacklists starting with 1.0.0.0 up to 255.0.0.0 with the appropriate subnet masks, I'm not sure how that would be accomplished. You would then have to become more specific when it came to the IP that your provider uses.

    If you did a blanket blacklist, I'm not certain that a whitelist will make it through, or if the order makes a difference, as it does in the outbound rules. But you can certainly try and report back.

    3CX does a pretty good job of blacklisting anyone that tries to get away with anything falling outside the parameters that you have set. I've found that there have been about 20 IPs that I've had to change from a 250,000 second blacklist to permanent. You can have an email sent when an IP is blacklisted so you don't have to keep going in and checking.

    There is vigilant, and then there is paranoid. Just be sure that all passwords are extremely difficult to "guess".
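
Added example, not part of the original thread and not 3CX code: it computes the CIDR blocks needed to cover every IPv4 address except an allowed set, which is what a "blacklist everything but my providers" rule list would have to contain. The provider addresses and the LAN subnet are constructed placeholders; the LAN is excluded as well because the extensions in this thread are LAN based.

```python
import ipaddress

# Constructed sample values (not from the thread): two provider signalling
# addresses from the RFC 5737 documentation ranges and a hypothetical LAN.
PROVIDERS = ["203.0.113.10/32", "198.51.100.20/32"]
LAN = "192.168.1.0/24"


def deny_ranges(allowed, universe="0.0.0.0/0"):
    """Return the CIDR blocks that cover `universe` minus every allowed block."""
    remaining = [ipaddress.ip_network(universe)]
    for entry in allowed:
        hole = ipaddress.ip_network(entry)
        kept = []
        for net in remaining:
            if net.subnet_of(hole):
                continue  # block is entirely allowed: drop it
            if hole.subnet_of(net):
                # Split net into the largest blocks that avoid the hole.
                kept.extend(net.address_exclude(hole))
            else:
                kept.append(net)  # disjoint from the hole: keep unchanged
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


def is_denied(ip, ranges):
    """True if `ip` falls inside any of the deny blocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ranges)


if __name__ == "__main__":
    ranges = deny_ranges(PROVIDERS + [LAN])
    print(len(ranges), "deny entries, for example:")
    for net in ranges[:5]:
        print(" ", net.network_address, net.netmask)
```

Each allowed block splits one existing deny block into smaller ones, so the list grows with the prefix length of every exception rather than needing one entry per /8.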
     
  3. west3

    Thanks Leejor,

    My router for some reason doesn't have the feature set to restrict incoming...
    I'm experiencing some call quality issues already on this new system and fear it is all the extra traffic generated by failed attempts to hack in. If I can block it, then they will eventually give up (hopefully).
    My real question was - If I add whitelist entries - By definition (AFAIK) that makes everything else "blacklisted". Not sure if that is 3CX's implementation though.
     
  4. leejor

    If hackers are getting as far as the PBX then you should have logs showing the attempts. If someone is just "hitting" your router, not a VoIP call (port 5060) attempt, then your router would have to be set up to take care of that.

    From my experience, if I whitelist an IP or range, then even if there are failed registration attempts, it will not be added to the blacklist. I whitelisted my internal network a while back as some ATAs were being blacklisted for failed authentication, which should not have been happening.
     