mskenderian Posted August 21, 2022
I get notifications for IPs that get blacklisted; in recent weeks I am getting more and more, especially from the same IP. We started blocking these IPs, but even though the IP is blocked, we still get notifications from that specific IP. Any way to disable these notifications if the IP is already blacklisted?

Vodia PBX Posted August 24, 2022
If you permanently blacklist the address you should not get any more notifications. There must be something wrong with blocking them.

mskenderian Posted August 24, 2022
Yes, that would indeed be the correct way, but I am. See below. The 2nd line shows my entry where I blocked the connection. The 1st line shows the PBX auto-blocked it for me and I got a notification. This particular machine is running 68.0.16, about to upgrade to .20 this week.

mskenderian Posted August 25, 2022
Below are the logs from the PBX.
[8] 9:09:51.135 Accept connection from blacklisted address 192.240.110.202:50788 for 1000 ms
[6] 9:09:52.136 Delete SIP connection 3352 from 192.240.110.202:50788
[7] 9:09:52.136 Connection from 192.240.110.202:50788 closed

Vodia PBX Posted August 25, 2022
The problem is that some devices will try immediately to reconnect when the TCP connection gets closed, which results in an own-device-DoS. That is why the PBX must wait for some time before closing the connection. Because of the way TCP/IP works the PBX needs to accept the connection before it can get the remote address. That does take some CPU. Firewall manufacturers will not go out of business anytime soon. Why we have two records remains a little mystery though.

mskenderian Posted August 25, 2022
I am not sure I understand you. Let me clarify a few items: this PBX is not production. I do have a few devices provisioned to it for testing purposes. But this IP geolocates to Florida, and I have no customers on the East Coast. Regardless of the fact the PBX needs to accept the connection, why am I still getting email notifications? I got 191 emails in the last 8 days for this particular IP.

mskenderian Posted August 30, 2022
Can we get this fixed? We should not be getting email notifications for IPs that are already blacklisted.

Vodia PBX Posted September 8, 2022
68.0.22 will fix something in that area anyway — the PBX would not forget the addresses unless there is actually something blocked. Plus there was an issue with net masks that could also have played a role there.

mskenderian Posted September 8, 2022
@Vodia PBX What else is coming with .22?

RichardDCG Posted September 8, 2022
9 hours ago, mskenderian said: @Vodia PBX What else is coming with .22?
+1

Vodia PBX Posted September 9, 2022
We'll update the release notes, as usual.

mskenderian Posted December 13, 2022
I am on .26, and I am still getting these notifications. Was it not included in .26? This is what the logs show.
[8] 7:40:25.279 Accept connection from blacklisted address 199.7.143.48:52270 for 1000 ms
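
The following Python script is an added example, not from any poster in this thread and not Vodia's code. It tallies the "Accept connection from blacklisted address" lines, in the log format quoted above, per source address, so that repeat offenders can be dropped at a firewall in front of the PBX instead of being accepted and held. The sample log lines are constructed (documentation-range addresses), and the function names and the min_attempts threshold are assumptions.

```python
import re
from collections import defaultdict

# Log format as quoted in this thread:
# [level] H:MM:SS.mmm Accept connection from blacklisted address IP:PORT for N ms
ACCEPT_RE = re.compile(
    r"^\[\d+\]\s+(?P<h>\d{1,2}):(?P<m>\d{2}):(?P<s>\d{2})\.(?P<ms>\d{3})\s+"
    r"Accept connection from blacklisted address\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+for\s+(?P<hold>\d+)\s*ms"
)

# Constructed sample lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
[8] 9:09:51.135 Accept connection from blacklisted address 203.0.113.7:50788 for 1000 ms
[6] 9:09:52.136 Delete SIP connection 3352 from 203.0.113.7:50788
[7] 9:09:52.136 Connection from 203.0.113.7:50788 closed
[8] 9:10:03.410 Accept connection from blacklisted address 203.0.113.7:50790 for 1000 ms
[8] 9:10:15.902 Accept connection from blacklisted address 203.0.113.7:50795 for 1000 ms
[8] 9:11:40.007 Accept connection from blacklisted address 198.51.100.23:41002 for 1000 ms
""".splitlines()


def summarize(lines):
    """Per source IP: accept count, total socket hold time, first/last timestamp."""
    stats = defaultdict(lambda: {"attempts": 0, "held_ms": 0, "first": None, "last": None})
    for line in lines:
        m = ACCEPT_RE.match(line.strip())
        if not m:
            continue  # "Delete SIP connection" / "closed" lines are not counted
        stamp = f"{int(m['h']):02d}:{m['m']}:{m['s']}.{m['ms']}"
        entry = stats[m["ip"]]
        entry["attempts"] += 1
        entry["held_ms"] += int(m["hold"])
        entry["first"] = entry["first"] or stamp
        entry["last"] = stamp
    return dict(stats)


def firewall_candidates(stats, min_attempts=3):
    """IPs that reconnect often enough to be worth dropping before they reach the PBX.
    min_attempts is an assumed threshold; tune it to your own traffic."""
    hits = [ip for ip, s in stats.items() if s["attempts"] >= min_attempts]
    return sorted(hits, key=lambda ip: stats[ip]["attempts"], reverse=True)


if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ip in firewall_candidates(stats):
        s = stats[ip]
        print(f"{ip}: {s['attempts']} accepts, {s['held_ms']} ms held, {s['first']}..{s['last']}")
```

The held_ms total shows how long the PBX kept sockets open for an address it had already blacklisted, which is the cost an upstream packet filter removes.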