Tech

Domain name filter

Published on:

September 8, 2015

The simple filter on our PBX for the domain name was that we were throwing the baby out with the bathwater. It was simply not possible to define exceptions. That made it practically impossible to use the feature in a real deployment. If the system administrator white-listed IP addresses, traffic from there would still be ignored if the domain name did not match. Adding that back in to the filter solves many of the trunk related problems, as admins can just add the IP addresses for the trunks.

Is is a long time ago that we introduced a simple, but powerful way to keep unwanted traffic away from the PBX: Just look at the domain name of incoming requests.

It seems, however, that this feature becomes useful only after the world really starts to use hosted PBX. Unfortunately not only the customers are starting to use the PBX in the cloud. As the hosted PBX goes mainstream, it also becomes a target for Crime, Inc.

One disadvantage of IPv4 is that there are only a relatively few IP addresses in the world. Scanners can and they do go from one IP address to the next and check out if there is anything coming back from that address. In the old times they primarily checked port 80 for HTTP or some other easy-to-exploit ports like an open FTP. Today the gangsters have added port 5060 to their checklist.

The problem will get a lot smaller when the world has switched to IPv6. There is will be a lot harder to just dumb-scan the possible IP addresses. In an IPv6 environment, scanners would have to first get the DNS name for the server before it can know a valid IPv6 address. Unless the service providers are assigning IPv6 addresses in a way that the hackers can predict.

The simple filter on our PBX for the domain name was that we were throwing the baby out with the bathwater. It was simply not possible to define exceptions. That made it practically impossible to use the feature in a real deployment. If the system administrator white-listed IP addresses, traffic from there would still be ignored if the domain name did not match. Adding that back in to the filter solves many of the trunk related problems, as admins can just add the IP addresses for the trunks.

While adding IP addresses would make it possible to use the domain filter feature, it would still be inconvenient. In environments where tenants can bring their own trunks, it would be even a pain to keep up with the changes that clients make to their trunks.

Because of this, we added a second reason why a packet would let through even though the domain does not match. This would be if the packet comes from a trunk, and the IP address where it was coming from was associated with that trunk. This can happen by automatic resolving of the DNS addresses for the trunk, or by explicit association of certain IP addresses with trunks.

With the new filter method the domain filter becomes a powerful, yes fast and easy way to fend off most of the unwanted traffic on the PBX. The domain name serves like an addition to the password, something that an outside attacker will not guess easily.

The new domain name filter will be available in version 5.3.

Derniers articles

Voir tous

Vodia Announces Partnership with Comms Group Global

Vodia Networks has announced a strategic distribution partnership with Comms Group Global (ASX: CCG), aiming to expand the reach of its feature-rich cloud PBX solutions across APAC and EMEA. Through this collaboration, Comms Group Global will serve as an official reseller, providing businesses of all sizes with scalable, secure, and integrated telephony solutions. Customers will benefit from advanced call management features, Microsoft Teams integration, and robust security standards, while also gaining access to Comms Group’s SIP coverage in over 65 countries. The partnership enables a streamlined “one-touch” provisioning process, ensuring fast and seamless deployment for enterprises and SMEs seeking to improve efficiency and reduce operational costs.

September 8, 2025

Why Fax Still Matters in 2025 and How Vodia Makes It Easy

Although many consider fax outdated, it continues to play a crucial role in sectors where compliance, confidentiality, and legal proof of delivery are non-negotiable. Healthcare providers rely on fax to meet HIPAA requirements, while industries such as finance, law, and real estate depend on it for contracts and documents that require signatures or legally verifiable transmission. Unlike email, fax offers confirmation reports that serve as proof of receipt, along with time-stamped records that hold up in legal proceedings. With Vodia’s PBX, digital fax becomes faster, easier, and more accessible than ever before, enabling users to drag and drop documents, monitor transmission progress, and receive immediate confirmations.

September 5, 2025

Building Intelligent Voice Response Systems with Vodia's JavaScript IVR

JavaScript IVR transforms the way businesses handle incoming calls by enabling fully customizable, intelligent phone menu systems. Unlike static IVR setups with limited, pre-defined options, JavaScript IVR allows you to create dynamic call flows that adapt in real time based on caller input, business data, or even external API integrations. This means you can route calls more efficiently, automate complex processes, and offer highly personalized experiences to your customers. Whether you want to check customer records before transferring a call, adjust menu options based on time of day, or integrate with CRM systems for instant data access, JavaScript IVR gives you the flexibility and control to make it happen - all while improving efficiency and enhancing caller satisfaction.

August 11, 2025