you might want to take a look at the _custom.conf files, in particular the extensions_custom.conf.
From the compromised system the hackers now know my authorized supplier IPs. Since those IPs are whitelisted in iptables, can they spoof the IPs and bypass my firewall that way? I think Linux has source address verification but not sure if that applies here or if it’s built into the firewall.
No. (Well, sort of yes, but they can’t do anything with that, apart from a hypothetical ability to disconnect existing calls if they’re EXTREMELY lucky at guessing a very large random number. Basically, no)
1 Like
how about placing files on the server or executing SQL queries? I am just a bit paranoid now so I’d rather ask the questions and sound ignorant instead of missing something later.