Need help creating whitelist for all Verizon and TimeWarner public IP addresses...

We have recently changed our firewall settings to allow remote connections to our VoIP phone system.  Although the home office workers are happy, this has allowed a flood of VoIP spammers to enter and try to connect to our server and phones.

I would like to fix this by utilizing a white-list at our firewall to only allow connections from our home users, who all use either Verizon FIOS or Time-Warner home connections.    

I'm comfortable with this approach since 99.99% of the spam calls are from off-shore addresses.   But they keep changing rapidly, so I don't want to try to manage an ever growing black-list.

Since they are home connections and are dynamically assigned, I can't just white-list one address and be done, it has to be the entire range that either of these two  ISPs might assign to the home user.

Can anyone suggest a good way to find the entire range of public IP addresses that Verizon FIOS and Time-Warner utilize?  I'd like to white-list as large a block of Verizon and TW addresses as possible to avoid a failure down the road.
Thanks,
Ken C.
LVL 1
CreasAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
IF remote user are the only authorised folks then do consider using VPN minimally prior to access as at least the authentication and authorisation can be enforced and monitoring from that single FW strategic point to backend. There is UTM that does VoIP firewalling too e.g. Sonicwall NSA.

Saw some mentioned as well on untrusted list to deny (not whitelist though)
http://www.networksystemssolutions.eu/voipblocklist.php

Actually IP changes can be dynamic as mentioned and spoofing is a low hanging fruits, a spammer can use one of these IPs then hop onto another IP if a single IP were blacklisted. probably, may be good to explore into anti-SPIT (Spamming over Internet Telephony) for more effective means as compared to blacklisting only. One instance is http://www.eyeball.com/products/voip-anti-spam-server/
0
CreasAuthor Commented:
btan...
Thanks for the idea.  And a site to site VPN would be a nice solution, but the hardware and expense is not available in this situaton.
Sadly, no one has addressed the real solution I am looking at so I will try to build my own white list for these two ISPs.
Thanks for the suggestion though.
Ken C
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
btanExec ConsultantCommented:
noted and do kindly also indicate any posting if it has helped or provided alternative as suggested. this may help in future to further this "partial" solutioning with other posting by the EE Community (which i can see helps) and still on "watch" out for possibilities (though not as often but may be worth)..
http://www.experts-exchange.com/Community_Support/General/A_2786-How-do-I-close-a-question-at-Experts-Exchange.html

another means for whitelisting (and in all such approach) is gather such profile through the monitoring (as long as does not hit the blacklist) and then update on an ongoing basis. I see the challenge in general to maintain this whitelist, as normally IP from such ISP dependents can be very dynamic or coming from single proxy which the whitelist IP can be a false impression (and not revealing the real ones).  

I did see Verizon with some http://my.verizon.com/micro/whitelist/ and maybe that can be delve further to ask them as one of their subscribed user per se...

nonetheless, just some food of thoughts
0
CreasAuthor Commented:
No one addressed the question as asked.
I will do my best to build my own white list.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.