This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

External IP to Internal IP access?

Hi,
I have someone flooding my PBX system. Not sure what they are doing, guessing trying to make free phone calls.
The system is blocking them, but i'm getting strange log reports

Default DROP UDP 108.62.x.x :5103 → 192.168.x.x:5060 len=365 ttl=44 tos=0x00

My question is how are they trying to access the INTERNAL IP of my PBX ? [:S]\

For testing, I have turned off ALL NAT rules and turned off the VOIP helper and the attacker continues to try and access my internal IP.

I have tried setting up a special NAT rule to blackhole them ( 108.62.x.x -> any -> external IP group --NAT --> Blackhole (10.245.x.x) Then set as my first rule NAT rules, and that does not capture the packets.

Any Ideas how they are doing this?

This thread was automatically locked due to age.

Parents

0 apijnappels over 11 years ago

It could be your internal host 192.168.x.x is some kind of a phone (or a voip server) that communicates with the external address 108.62.x.x and what you see there is the traffic that the remote host tries to send back.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 apijnappels over 11 years ago

It could be your internal host 192.168.x.x is some kind of a phone (or a voip server) that communicates with the external address 108.62.x.x and what you see there is the traffic that the remote host tries to send back.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data