

Need help creating whitelist for all Verizon and TimeWarner public IP addresses...

Posted on 2014-09-02
Medium Priority
Last Modified: 2014-09-12
We have recently changed our firewall settings to allow remote connections to our VoIP phone system.  Although the home office workers are happy, this has allowed a flood of VoIP spammers to enter and try to connect to our server and phones.

I would like to fix this by utilizing a white-list at our firewall to only allow connections from our home users, who all use either Verizon FIOS or Time-Warner home connections.    

I'm comfortable with this approach since 99.99% of the spam calls are from off-shore addresses.   But they keep changing rapidly, so I don't want to try to manage an ever growing black-list.

Since they are home connections and are dynamically assigned, I can't just white-list one address and be done, it has to be the entire range that either of these two  ISPs might assign to the home user.

Can anyone suggest a good way to find the entire range of public IP addresses that Verizon FIOS and Time-Warner utilize?  I'd like to white-list as large a block of Verizon and TW addresses as possible to avoid a failure down the road.
Ken C.
Question by:Creas
LVL 65

Expert Comment

ID: 40300779
If remote users are the only authorised folks, then do consider using VPN minimally prior to access, as at least the authentication and authorisation can be enforced and monitoring from that single FW strategic point to backend. There are UTMs that do VoIP firewalling too, e.g. SonicWall NSA.

Saw some mentioned as well on untrusted list to deny (not whitelist though)

Actually, IP changes can be dynamic as mentioned and spoofing is low-hanging fruit; a spammer can use one of these IPs then hop onto another IP if a single IP were blacklisted. Probably, it may be good to explore anti-SPIT (Spamming over Internet Telephony) for more effective means as compared to blacklisting only. One instance is http://www.eyeball.com/products/voip-anti-spam-server/

Accepted Solution

Creas earned 0 total points
ID: 40309070
Thanks for the idea.  And a site to site VPN would be a nice solution, but the hardware and expense is not available in this situation.
Sadly, no one has addressed the real solution I am looking at so I will try to build my own white list for these two ISPs.
Thanks for the suggestion though.
Ken C
LVL 65

Expert Comment

ID: 40309114
Noted, and do kindly also indicate on any posting if it has helped or provided an alternative as suggested. This may help in future to further this "partial" solutioning with other postings by the EE Community (which I can see helps), and still be on the "watch" out for possibilities (though not as often, but may be worth it).

Another means for whitelisting (and in all such approaches) is to gather such a profile through monitoring (as long as it does not hit the blacklist) and then update it on an ongoing basis. I see the challenge in general as maintaining this whitelist, as normally IPs from such ISP dependents can be very dynamic or come from a single proxy, in which case the whitelisted IP can give a false impression (and not reveal the real ones).

I did see Verizon with some http://my.verizon.com/micro/whitelist/ and maybe that can be delved into further, to ask them as one of their subscribed users per se...

Nonetheless, just some food for thought.
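
The monitoring-based whitelist described in the comment above, sketched as an added example (not code from the thread or from any participant): it keeps only those ISP prefixes in which a successful registration has actually been seen, and reports successful sources that fall outside every listed prefix. The log format, the names `build_allowlist` and `is_allowed`, and the prefix list are assumptions; the prefixes are documentation ranges, not real Verizon or Time Warner allocations.

```python
import ipaddress
import re

# Constructed prefix list (documentation ranges standing in for ISP allocations).
ISP_PREFIXES = {
    "isp-a": ["198.51.100.0/25", "198.51.100.128/25", "203.0.113.0/24"],
    "isp-b": ["192.0.2.0/24"],
}

# Constructed log lines in a made-up format: REGISTER <ok|fail> user=<ext> src=<ip>
SAMPLE_LOG = """\
REGISTER ok user=1001 src=198.51.100.23
REGISTER fail user=admin src=100.64.7.9
REGISTER ok user=1002 src=192.0.2.77
REGISTER fail user=1001 src=100.64.7.10
REGISTER ok user=1001 src=198.51.100.200
REGISTER ok user=1003 src=100.64.9.9
"""

LINE_RE = re.compile(r"^REGISTER (ok|fail) user=(\S+) src=(\S+)$")


def build_allowlist(log_text, isp_prefixes):
    """Return (collapsed networks, unmatched sources).

    A prefix is allowed only if at least one successful registration came
    from inside it. Successful sources outside every prefix are returned
    separately for manual review instead of being allowed silently.
    """
    nets = [ipaddress.ip_network(p) for plist in isp_prefixes.values() for p in plist]
    wanted, unmatched = set(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(1) != "ok":
            continue  # failed attempts never widen the allowlist
        src = ipaddress.ip_address(m.group(3))
        covering = [n for n in nets if src in n]
        if covering:
            wanted.update(covering)
        else:
            unmatched.append(src)
    # Merge adjacent prefixes so the firewall rule set stays short.
    return list(ipaddress.collapse_addresses(wanted)), unmatched


def is_allowed(ip, allowlist):
    """True if ip falls inside any allowlisted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in allowlist)
```
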

Author Closing Comment

ID: 40318891
No one addressed the question as asked.
I will do my best to build my own white list.
