Odd firewall intercept

Discussion in '3CX Phone System - General' started by haywardi, Jan 18, 2016.

Thread Status:
Not open for further replies.
  1. haywardi

    Joined:
    Feb 27, 2011
    Messages:
    83
    Likes Received:
    0
    Has anyone come across the following..

    I've started monitoring my firewall much more recently and have noticed that I'm getting a "blocked" entry.

    This wouldn't normally worry me except the blocked IP address is MY OWN external IP address trying to access port 5000.... Seems to be initiated from port 34572..

    Is this normal behaviour of 3CX, or is it someone trying to spoof my own IP address?

    Thoughts/comments welcome.

    Iain
     
  2. lneblett

    lneblett Well-Known Member

    Joined:
    Sep 7, 2010
    Messages:
    2,061
    Likes Received:
    56
    Unknown as not enough info.

    You might try to do a wireshark capture and see if any additional details can be had that would help identify the source. I assume it could be someone trying to get access, but you did not indicate the ports your system is set to use. If running Abyss and a later version of 3CX, then port 5000/5001 (HTTP/HTTPS) is used to gain access to the log in page.
     
  3. NickD_3CX

    NickD_3CX Support Team
    Staff Member 3CX Support

    Joined:
    Jun 2, 2014
    Messages:
    1,255
    Likes Received:
    63
    It could be either, but if you have something internally on your network trying to connect to your Public IP from inside your network then I believe this can happen.

    The most common reason for this happening is when you have Split DNS setup, but some of the endpoints does not resolve to your Local IP so it tries to go to the Public IP.
     
  4. craigreilly

    craigreilly Well-Known Member

    Joined:
    Feb 1, 2012
    Messages:
    2,977
    Likes Received:
    183
    Someone may have static DNS entries of a public DNS server. I had someone not able to access email when they were in the office. Once I changed DNS to DHCP they were up and running.
    This would have been a similar scenario as you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Thread Status:
Not open for further replies.