OpenDNS is rejecting traffic from PBX

munozj · January 15, 2019, 2:35pm

I updated my Distro 14 yesterday to all the latest modules and now our OpenDNS (Cisco Umbrella) is rejecting some traffic. Is this legitimate traffic that I should whitelist or do I need to investigate further.

Security Activity
Time Resp. Destination Category Identity

12:45:30 Blocked pool.sks-keyservers.net Malware, Computer… PBX LDAP (pbxldap…
12:42:33 Blocked pool.sks-keyservers.net Malware, Computer… PBX LDAP (pbxldap…

jfinstrom · January 15, 2019, 3:55pm

Yes those are legitimate servers. They are GPG/PGP public key servers used for opengpg which is used as part of module signing. It seems silly that would be flagged.

jfinstrom · January 15, 2019, 3:59pm

side note this should NOT affect signature checking as it should failover.

https://git.freepbx.org/projects/FREEPBX/repos/framework/browse/amp_conf/htdocs/admin/libraries/BMO/GPG.class.php?at=refs%2Fheads%2Frelease%2F14.0#45

	// List of well-known keyservers.
	private $keyservers = array(
		"pool.sks-keyservers.net",  // This should almost always work
		"hkp://keyserver.ubuntu.com:80",  // This is in case port 11371 is blocked outbound
		"pgp.mit.edu", // Other random keyservers
		"keyserver.pgp.com",  // Other random keyserver
		"pool.sks-keyservers.net"
	); // Yes. sks is there twice.