Need help creating whitelist for all Verizon and TimeWarner public IP addresses...

Posted on 2014-09-02
Last Modified: 2014-09-12
We have recently changed our firewall settings to allow remote connections to our VoIP phone system.  Although the home office workers are happy, this has allowed a flood of VoIP spammers to enter and try to connect to our server and phones.

I would like to fix this by utilizing a white-list at our firewall to only allow connections from our home users, who all use either Verizon FIOS or Time-Warner home connections.    

I'm comfortable with this approach since 99.99% of the spam calls are from off-shore addresses.   But they keep changing rapidly, so I don't want to try to manage an ever growing black-list.

Since they are home connections and are dynamically assigned, I can't just white-list one address and be done, it has to be the entire range that either of these two  ISPs might assign to the home user.

Can anyone suggest a good way to find the entire range of public IP addresses that Verizon FIOS and Time-Warner utilize?  I'd like to white-list as large a block of Verizon and TW addresses as possible to avoid a failure down the road.
Ken C.
Question by:Creas
    LVL 60

    Expert Comment

    IF remote user are the only authorised folks then do consider using VPN minimally prior to access as at least the authentication and authorisation can be enforced and monitoring from that single FW strategic point to backend. There is UTM that does VoIP firewalling too e.g. Sonicwall NSA.

    Saw some mentioned as well on untrusted list to deny (not whitelist though)

    Actually IP changes can be dynamic as mentioned and spoofing is a low hanging fruits, a spammer can use one of these IPs then hop onto another IP if a single IP were blacklisted. probably, may be good to explore into anti-SPIT (Spamming over Internet Telephony) for more effective means as compared to blacklisting only. One instance is
    LVL 1

    Accepted Solution

    Thanks for the idea.  And a site to site VPN would be a nice solution, but the hardware and expense is not available in this situaton.
    Sadly, no one has addressed the real solution I am looking at so I will try to build my own white list for these two ISPs.
    Thanks for the suggestion though.
    Ken C
    LVL 60

    Expert Comment

    noted and do kindly also indicate any posting if it has helped or provided alternative as suggested. this may help in future to further this "partial" solutioning with other posting by the EE Community (which i can see helps) and still on "watch" out for possibilities (though not as often but may be worth)..

    another means for whitelisting (and in all such approach) is gather such profile through the monitoring (as long as does not hit the blacklist) and then update on an ongoing basis. I see the challenge in general to maintain this whitelist, as normally IP from such ISP dependents can be very dynamic or coming from single proxy which the whitelist IP can be a false impression (and not revealing the real ones).  

    I did see Verizon with some and maybe that can be delve further to ask them as one of their subscribed user per se...

    nonetheless, just some food of thoughts
    LVL 1

    Author Closing Comment

    No one addressed the question as asked.
    I will do my best to build my own white list.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
    Join Greg Farro and Ethan Banks from Packet Pushers ( and Greg Ross from Paessler ( for a discussion about smart network …
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now