Tech

Domain name filter

Published on:

September 8, 2015

The simple filter on our PBX for the domain name was that we were throwing the baby out with the bathwater. It was simply not possible to define exceptions. That made it practically impossible to use the feature in a real deployment. If the system administrator white-listed IP addresses, traffic from there would still be ignored if the domain name did not match. Adding that back in to the filter solves many of the trunk related problems, as admins can just add the IP addresses for the trunks.

Is is a long time ago that we introduced a simple, but powerful way to keep unwanted traffic away from the PBX: Just look at the domain name of incoming requests.

It seems, however, that this feature becomes useful only after the world really starts to use hosted PBX. Unfortunately not only the customers are starting to use the PBX in the cloud. As the hosted PBX goes mainstream, it also becomes a target for Crime, Inc.

One disadvantage of IPv4 is that there are only a relatively few IP addresses in the world. Scanners can and they do go from one IP address to the next and check out if there is anything coming back from that address. In the old times they primarily checked port 80 for HTTP or some other easy-to-exploit ports like an open FTP. Today the gangsters have added port 5060 to their checklist.

The problem will get a lot smaller when the world has switched to IPv6. There is will be a lot harder to just dumb-scan the possible IP addresses. In an IPv6 environment, scanners would have to first get the DNS name for the server before it can know a valid IPv6 address. Unless the service providers are assigning IPv6 addresses in a way that the hackers can predict.

The simple filter on our PBX for the domain name was that we were throwing the baby out with the bathwater. It was simply not possible to define exceptions. That made it practically impossible to use the feature in a real deployment. If the system administrator white-listed IP addresses, traffic from there would still be ignored if the domain name did not match. Adding that back in to the filter solves many of the trunk related problems, as admins can just add the IP addresses for the trunks.

While adding IP addresses would make it possible to use the domain filter feature, it would still be inconvenient. In environments where tenants can bring their own trunks, it would be even a pain to keep up with the changes that clients make to their trunks.

Because of this, we added a second reason why a packet would let through even though the domain does not match. This would be if the packet comes from a trunk, and the IP address where it was coming from was associated with that trunk. This can happen by automatic resolving of the DNS addresses for the trunk, or by explicit association of certain IP addresses with trunks.

With the new filter method the domain filter becomes a powerful, yes fast and easy way to fend off most of the unwanted traffic on the PBX. The domain name serves like an addition to the password, something that an outside attacker will not guess easily.

The new domain name filter will be available in version 5.3.

Latest Articles

View All

Webinar | Real-Time Media Streaming in Vodia PBX: AI, Call Transcription, and Security in V69.5.6

Join Vodia Networks on April 8 for a live, in-depth webinar on how real-time media streaming is powering the future of voice communication. Discover how Vodia PBX version 69.5.6 enables seamless AI integration, live call transcription using the Whisper API, and secure voice data handling. Hosted by Sales Engineer Eric Altman and VoIP Engineer Hamlet Collado, this session will walk you through real-world use cases, including OpenAI and Google Speech-to-Text integrations, MS Teams support, and new security features. You’ll also get a first look at Vodia’s AI roadmap and have the opportunity to ask your questions during a live Q&A.

March 28, 2025

The Vodia PBX On-Premise Whisper AI Deployment​

Whisper, OpenAI’s Automatic Speech Recognition system, delivers multilingual, noise-tolerant, and technical-language-ready transcription through a streamlined encoder-decoder architecture. With Vodia PBX’s integration, organizations can choose between using OpenAI’s service or hosting Whisper AI locally for complete data sovereignty and control. This on-premise option ensures that sensitive call data stays within your infrastructure while still benefiting from powerful transcription capabilities. To explore deployment options, see our Whisper AI on-premise setup documentation, review a self-hosted integration example, or follow our cloud-based call transcription guide.

March 27, 2025

Vodia at Enterprise Connect 2025: Embracing AI and Advancing Communications

Vodia Sales Engineer Eric Altman attended Enterprise Connect 2025 on March 18 and 19, where he connected with partners and gained insight into the future of enterprise communications. AI was the clear focus of the event, with discussions centered on agentic systems, chatbots, and generative technologies. “It was certainly the main element in the atmosphere,” Eric noted. He also shared his excitement about Vodia PBX version 69.5.6, which includes real-time AI integration with OpenAI and call transcription using the Whisper API. The event confirmed that AI is rapidly becoming a core component of modern communication platforms—and Vodia is well-positioned to lead the way.

March 26, 2025