Notification Blacklist

[mskenderian]

I get notifications for ips that get blacklisted, in recents weeks i am getting more and more. specially from the same IP. We started blocking these IPs, but even though the IP is blocked, we still get notifications from that specific IP. 

anyway to disable these notification if the IP is already blacklisted?

[Vodia PBX]

If you permanently blacklist the address you should not get any more notifications. There must be something wrong with blocking them.

[mskenderian]

yes that would indeed be the correct way. but i am.

 

see below. 2nd line shows my entry that i blocked the connection.  1st line shows the PBX auto blocked it for me and i got a notification

 

this particular machine is running 68.0.16

about to upgrade to .20 this week.

[mskenderian]

Below is the logs from the PBX.

[8] 9:09:51.135	Accept connection from blacklisted address 192.240.110.202:50788 for 1000 msⓘ
[6] 9:09:52.136	Delete SIP connection 3352 from 192.240.110.202:50788ⓘ
[7] 9:09:52.136	Connection from 192.240.110.202:50788 closedⓘ

 

[Vodia PBX]

The problem is that some devices will try immediately to reconnect when the TCP connection gets closed, which results in an own-device-DoS. That is why the PBX must wait for some time before closing the connection. 

Because of the way TCP/IP works the PBX needs to accept the connection before it can get the remote address. That does take some CPU. Firewall manufacturers will not go out of business anytime soon. 

Why we have two records remains a little mystery though. 

[mskenderian]

I am not sure I understand you.

Let me clarify a few items, this PBX is not production. I do have a few devices provisioned to it for testing purposes. But this IP geolocates to florida. which i have no customers on the east coast.

Regardless of the fact the PBX needs to accept the connection, why am i still getting email notifications? I got 191 emails in the last 8 days for this particular IP.

[mskenderian]

Can we get this fixed? 

We should not be getting email notifications for IPs that are already blacklisted.

[Vodia PBX]

68.0.22 will fix something in that area anyway — the PBX would not forget the addresses unless there is actually something blocked. Plus there was an issue with net masks that could also have played a role there.

[mskenderian]

@Vodia PBX What else is coming with .22?

[RichardDCG]

9 hours ago, mskenderian said:

@Vodia PBX What else is coming with .22?

+1 

[Vodia PBX]

We'll update the release notes, as usual.

[mskenderian]

I am on .26, and i am stil getting these notifications. was it not included in .26

 

This is what the logs show.

[8] 7:40:25.279	Accept connection from blacklisted address 199.7.143.48:52270 for 1000 msⓘ