1

Allow entry of domain under extension IP Restriction

Jeff Justice

October 28, 2017 17:23

None

Follow

Currently under Settings:Edit Extension:Advanced:IP Restriction you are only allowed to enter an IP address with a subnet mask.

CASE: A customer's extension on our S50 was compromised.  The hacker proceeded to rack up several hundred dollars of calls before the breach was detected.

Turning on IP restriction would have prevented them from connecting as an extension with the compromised password as it would not have matched the IP criteria.

Most of our remote customers are using connections to the internet that are dynamic and subject to change at random.

In most cases we are able to set up DDNS on the customer site to keep track of the IP they are coming from.  Unfortunately, we are unable to enter this DDNS information as a domain under the IP Restriction setting due to being limited to only IP addresses and a subnet mask.

• Facebook
• Twitter
• LinkedIn

5 comments

• 0
  
  Paul October 31, 2017 06:22

  Jeff,

  I think you  can try configure the firewall. The fireware support to add a domain name. See below screenshot:

  

• 0
  
  Jeff Justice October 31, 2017 07:57

  That is a different place.  Here is where the entry goes under "IP Restriction":

  

• 0
  
  Ina Tang November 01, 2017 08:39

  Jeff,

  What Paul mentioned is a way that might meet your needs.

  Adding a domain name to be accepted in firewall wall is a global rule not only used for the SIP registration, but also the requests like HTTPS, HTTP etc.

   

• 0
  
  Jeff Justice November 01, 2017 11:25

  That doesn't make sense.

  If I enter nothing, any extension can register to PBX from any domain/IP.

  If I enter a domain/IP in firewall, any extension can still register to PBX.

  If I enter a domain/IP in extension settings, ONLY that extension can register from entered domain/IP.

  Which brings up another issue.  With firewall enabled, and NO rules entered, everything is still allowed to connect to PBX.  The only effect I have found of entering rules in firewall is that the domain/IP is no longer flagged as malicious accidentally.

• 0
  
  Ina Tang November 02, 2017 02:48

  Hi Jeff,

  Normally when you enter a domain/IP in firewall, you will need to enable DROP ALL as well, then it can be an efficient configuration to prevent from attacks.  However DROP ALL will drop all of the request which are not defined in the firewall, you will need to add all permitted IP or Domain in firewall.

  I am not sure if this will help you or not. I  submitted a feature request in Yeastar Feature Request System though.