Ghost Calls

SIPvicious was created as an inventory tool for IT admins to manage SIP devices, but it has evolved into a tool scammers use to probe for PBX vulnerabilities. Thankfully, SIPvicious and its annoying ghost calls are easily dealt with using the strategies listed here.

Calls from phone numbers like “100” or “1000” with silence at pickup are the result of probes against your SIP port (5060). Almost all such calls use a tool called SIPvicious which silently attempts to audit your PBX or phone system for any vulnerability.

While the vast majority of SIPvicious ghost calls fail to get beyond just the initial probe, with a bit of perseverance they can be prevented altogether.

How they work

SIPvicious sends an INVITE to your system's SIP port 5060 as it scans for vulnerable PBX systems to hack and ultimately route calls through. While vulnerable PBX systems are the hackers' intended targets, the same INVITE sent to an IP Phone (or VoIP Phone) makes the phone ring, which is the ghost call. The ghost calls are therefore generally just an annoyance, and will not generate a financial loss.

Suggested prevention strategies

  • Blacklist: Higher-quality firewalls will allow you to blacklist the offending IP range and the ultimate source of the ghost calls.
  • Limiting 5060 access: If your firewall permits, deny all traffic to your voice port 5060 except traffic from our public voice proxy – 103.55.116.0/24 (see also IP address / SIP port).
  • Port Forwarding: If you are port forwarding, you will need to filter traffic over port 5060.
  • Changing handset port: As a last resort, try changing your SIP port (5060) to an alternative such as 50600 (see screenshot below).

Yealink phones provisioned through our Device Provisioning have been configured to block IP ghost calls and SIPvicious-style attacks. As the number of these scans has grown, phone manufacturers have started adding extra protection. There are 2 settings that need to be changed in your Yealink phone to stop these SIP attacks.

If you need to configure your phone manually, follow the process below:

  1. Download the latest firmware for your handset from Yealink.
  2. Upgrade Firmware: Settings | Upgrade >> Select and Upgrade Firmware.
  3. Allow IP Call: Features | General Information and it should be DISABLED. Click Confirm to accept the change.
  4. Accept SIP Trust Server Only: Account | Advanced, at the very bottom. It should be ENABLED. This makes the phone only accept INVITE requests from the server it's registering to.

Extra Information

Some older firmware versions don't have the "Accept SIP Trust Server Only" setting, but you can manually add it to your provisioning file.
In your Yealink configuration file, add the following line:
account.X.siptrustctrl = 1
X is the account on the phone. If you have multiple accounts (let's say 3), you need to add this line 3 times, with X as 1, 2, and 3.
This next parameter is probably already in your configuration file; it just needs to be set to 0.
features.directipcall_enable = 0
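
A check for the two provisioning parameters above, as an added example that is not part of the original article or of Yealink's tooling: it finds every account number used in a configuration file and reports any account lacking account.X.siptrustctrl = 1, and whether features.directipcall_enable is 0. The sample file, including its account.N.enable and account.N.label lines, is constructed for illustration.

```python
import re

# Constructed sample provisioning file. The account.N.enable and
# account.N.label keys are assumptions used only to make accounts 1-3 appear.
SAMPLE_CFG = """\
# constructed sample, not a real deployment
account.1.enable = 1
account.1.siptrustctrl = 1
account.2.enable = 1
account.2.siptrustctrl = 0
account.3.label = Reception
features.directipcall_enable = 1
"""

KEY_VALUE = re.compile(r"^\s*([A-Za-z0-9_.]+)\s*=\s*(.*?)\s*$")
ACCOUNT_KEY = re.compile(r"^account\.(\d+)\.")


def parse_cfg(text):
    """Return {key: value}; a later duplicate key overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        m = KEY_VALUE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def audit_ghost_call_settings(text):
    """List findings for the two settings the article asks for."""
    settings = parse_cfg(text)
    findings = []
    # Every account number that appears in any account.N.* key.
    accounts = sorted({int(m.group(1)) for k in settings
                       if (m := ACCOUNT_KEY.match(k))})
    for n in accounts:
        key = f"account.{n}.siptrustctrl"
        if settings.get(key) != "1":
            findings.append(f"{key} is {settings.get(key, 'missing')}, expected 1")
    if settings.get("features.directipcall_enable") != "0":
        value = settings.get("features.directipcall_enable", "missing")
        findings.append(f"features.directipcall_enable is {value}, expected 0")
    return findings


if __name__ == "__main__":
    for finding in audit_ghost_call_settings(SAMPLE_CFG):
        print(finding)
```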

