Sip Scanner Ghost Calls - Wiki

Check out our YouTube channel to watch our simple tutorials that will help you set up most of our features.

Sip Scanner Ghost Calls

From Wiki

Jump to: navigation, search
Article en Français Artículo en Español
Français Español


Some people from time to time experience calls on their IP phones from unknown numbers or extensions and when they pick up they just hear silence. This is unfortunately a well known problem in regular Telephone & VoIP and has nothing to do with the service provider. We call these types of calls SIP Scanner Ghost Calls and besides being extremely annoying they don’t pose any significant risk to your phones or network. Providing you make sure the firmware on your phone is up to date.

These calls are not coming from our service but they are generated by “port scans” performed by hackers trying to find a vulnerable phone network to gain access to. They do large series of automated tests against IP addresses on the internet, to find systems that respond. The good news is that there are several ways you can prevent these types of calls.

Change Local SIP Port

Changing the local SIP port on your phone will make it harder for the scanners to guess the way into your device. You can try and set this to something like 5080 or 42872. The place to do this is usually in the Line/EXT config page for that device and it will say either Sip Port or Local Sip Port in most cases. By Default the SIP Port is usually set to 5060.

Use a Firewall

Some firewalls are able to filter these port scans from legit traffic. Look in the manual for your router/firewall to see how to do this, or contact your internet provider and ask for their assistance.

Change Your IP

If you don’t have a specific reason to have a static IP address, you can ask your internet provider to assign you a new IP address. This may not be a permanent solution to the problem, but it can definitely stop the calls for some time.

Only Allow Calls from Servers

Some IP phones can disable direct calls from other devices than a specific server. This means that the phone will reject all calls that are not coming from the server. The setting’s location and name varies from phone to phone, so check your manual to see if your phone supports it.

Here are a few models that have a resolution for this issue:

Cisco/Linksys SPAxxx

Please look under the Voice>> Line/EXT # page in your SPA device for the following setting: Restrict Source IP and make sure it's enabled.

This way the ATA device will block any traffic not coming from our servers.

Restrict IP - click to enlarge

Cisco/Linksys Pap2t

Please look under the Voice>> Line/EXT # page in your Linksys device for the following setting: Restrict Source IP and make sure it's enabled.

This way the ATA device will block any traffic not coming from our servers.


Grandstream GXP2200

Advanced Settings -> Call Features -> Disable Direct IP Calls

Grandstream GXP2130/40/60

Users have the ability to deny calls that are not authenticated. You can find the option by navigating the phone web interface, clicking on Account X-->SIP Settings-->Security Settings and enabling "Authenticate Incoming invite"

You can also go to Account X -> SIP Settings -> Security Settings -> and enable "Accept Incoming SIP from Proxy Only"

Grandstream HT50X/HT70X

To Prevent Direct IP calls to your device and only allow calls from our service please enable the following 2 options in your FXS Port Configuration Page.

Check SIP User ID for incoming INVITE - Default is No. Check the incoming SIP User ID in Request URI. If they don’t match, the call will be rejected. If this option is enabled, the device will not be able to make direct IP calls.

Allow Incoming SIP Messages from SIP Proxy Only - Default is No. Check the incoming SIP messages. If they don’t come from the SIP proxy, they will be rejected. If this option is enabled, the device will not be able to make direct IP calls.

Obi 1xx/2xx

  • You can just disable (by unchecking Enable) for SP2 and OBiTALK under your Voice Tab (If you are using our service as SP1).
  • You can restrict which IP addresses that can connect to your OBi. Going to "Service Providers -> ITSP Profile A -> SIP -> X_AccessList" : voip.ms_ip_address. You can see the IP address of the server you are currently using from this link: Server's IPs
  • You can also change your Obi Firewall Setting X_InboundCallRoute to : {(?|x|xx|xxx|xxxx|xxxxx|xxxxxx|un@@.|anon@@.):}, ph
This will only allow 7 digit or greater numbers through.
  • Another alternative: OBi Interface>> Voice Services>> SP1 Service>> X_InboundCallRoute: {>('Insert your AuthUserName here'):ph}, example:
{>('100000'):ph} where 100000 is replaced with your own six digit SIP account UserID or the sub-account registered with your device.

By default, OBi devices accept calls destined for any username. The above syntax rejects calls that are not intended for whatever you have configured as AuthUserName.

Panasonic KX-TGP 500/550

To turn off IP Dialing function on a TGP 500/550 you go to Line 1 > Enable SSAF (SIP Source Address Filter). That should stop the random dialing.

Polycom Phones

Try to utilize the Incoming Signaling Validation where you would be able to add security to the phone to validating incoming network signaling in the GUI. All of this is described in the <requestValidation/> section of the Admin Guide matching your software version.


Look for these settings on the Line config page.

Allow Direct IP Call - this means the phone will respond to calls coming in to it from any IP address, to any number. Sometimes used for internal intercom systems or basic phone testing without using a PBX. Set it to disabled. This setting is found in the "Features" setting tab, "General Information" page.

Accept SIP Trust Server Only - this is whether the phone accepts calls to the correct phone number but from a different place than it is Registered to. Sometimes needed for certain SIP providers but you want to set this to enabled wherever possible so the phone only accepts calls from your service provider. This setting is found either in the "Features" tab, "General Information" page or the "Account" tab depending on the phone model or firmware version.

You can also try to add below syntaxes to your cfg template(M7 template) and auto-provision it.

1. You can try this syntax in CFG template.

  1. !version:
  1. The x of the parameter "account.x.sip_trust_ctrl " ranges from 1 to max accounts. For example, x ranges from 1 to 6 of T28.


When you want to enable this sip trust control for account 1, fill 1 to “account.1.sip_trust_ctrl”. Then SIP messages from other servers will refuse by the phone.

2. If not, you can disable the “Allow IP Call” in webpage or auto-provisioning and try again.

  1. !version:
  1. Enable or disable the phone to dial the IP address directly; 0-Disabled, 1-Enabled (default);

features.direct_ip_call_enable = 0

Personal tools
Actions Blog
Guides (Français)
Guías (Español)