Symptom: A phone rings and nobody is there. The caller ID is odd - it might match an extension number on your PBX or it might be random. It happens frequently - sometimes incessantly. You might come to work in the morning and see 30 missed calls from various weird caller IDs.
Explanation: Your LAN has been infiltrated by hackers. These calls are not coming from your premise PBX or a cloud/hosted PBX, they are coming from outsiders. Their goal is to exploit vulnerabilities, and in the case of phones, they are sending SIP messaging in hopes of finding an end point (IP Phone) that will ultimately help them steal phone service.
Resolution: The Ghost rings can be stopped by engaging the SIP security settings in your IP phones. This will stop the annoying ringing - but it does nothing to address the underlying cause, which is that your local network has been breached. If you are experiencing this issue, we strongly urge you to take steps to better secure your LAN.
The location of the security controls in your phone's web interface varies widely depending on the manufacturer. You need to find the setting that will prevent the phone from accepting SIP data from any source except your PBX. There might be a single control for it globally, or separate controls for each SIP registration account in the phone.
Here is how to engage the security setting in a Grandstream phone:
Log into the phone's Web control panel by typing its IP address into a browser address bar. User= admin pw= admin (unless you've changed them to something else).
In the settings for Account 1 go to SIP settings ->Security settings. The most important one is "Accept Incoming SIP from Proxy Only". Change that to YES. If your phone also has a setting to "Check SIP User ID for Incoming INVITE", set that to YES also. Don't engage the "Authenticate Incoming INVITE" setting. That will make the phone stop getting any calls at all.
This setting tells the phone to ignore SIP messaging - including the INVITE message, which is what triggers a ring - unless it is coming directly from the PBX server.
Related Articles
9/22/2016 Auto deletion of recorded calls
Automated deletion of recorded calls has now been added to Protel LTS premise PBX, and also to Protelity LTS Multi-tenant (hosted) PBX. The controls for this feature, along with 3 other automated functions, have been moved to a new group called ...
Plantronics Headsets with Grandstream 21xx Phones
Plantronics (now known as "Poly" after their merger with Polycom) has a well-deserved reputation for manufacturing top of the line headsets. Their wireless headsets, including the Savi 700 series, the CS500 series, the MSA200 series, and the Voyager ...
Auto Attendants - Complete Programming Guide
OVERVIEW Auto Attendants, sometimes called IVR (Interactive Voice Response), are a useful and versatile component in any PBX dialplan. Commonly, they are used to play messaging and allow callers to direct calls by pressing number keys on their ...
12/6/2016 Mailgun deprecated. Additional features.
Update news: Restricted dialing capability for designated extensions Passcodes moved from feature code page to new page Local SIP port selection now added to phone auto-provisioning Mailgun restrictions may be affecting voicemail to email ...
How to Manually Provision a Grandstream Phone
Before you begin: Your phone needs to be powered up and connected to a Local Area Network (LAN) that is able to connect to the internet. Your computer needs to be on the same LAN as the phone. 1. Find the IP address of the phone. Press the ...