Many of us have experienced a ghost call at some point, and it is frustrating. No, I am not referring to some paranormal occurrence that requires the Ghostbusters team, though if it happens in the wee hours it can have a similar effect on your heart! Unfortunately, it often does happen in the early hours of the morning when the source is a port scan from the other side of the planet.
What are Ghost Calls?
A ghost call is the name given to phantom calls where your phone rings but nobody is on the other end of the call, nothing but silence. It is extremely annoying and depending on the source of the ghost call, it can happen frequently.
Sometimes the caller ID will be a strange number, such as calls from 100, 1000, 1001 or the like, which is often a clear sign of a ghost call.
Who is Responsible for these Phantom Calls?
Well first of all, it should be pointed out that this is rarely due to your phone provider, though as we will find out, there are things they can do to block ghost calls.
Often these phantom phone calls are due to automated programs randomly scanning IP (Internet Protocol) ports, often referred to as port scans, to try to find vulnerabilities in your phone system. They do this because if they find a way to break into your phone system they can make calls on your dime, so you need to prevent them. One common scanner is known as SIPVicious (someone there at least has a sense of humor!). It is a free SIP (Session Initiation Protocol) test tool, but it is also used by hackers to try to find your SIP ports and break in to retrieve the password for the extension. They can then clone the extension on their system and make calls that you will pay for.
However, these calls can also be due to neglected auto-dialers, such as the ones used by those annoying telemarketers. There are FCC (Federal Communications Commission) limits on how long they can tie up your phone line, so if an auto-dialer is no longer actively managed but still making outbound calls, it could cause problems. In other words, it calls your number but no telemarketer is present to talk to you, and the line is then tied up until the FCC limits kick in, at which point it terminates the call.
Stopping Ghost Calls
Regardless of who is responsible, ghost calls are annoying and can be dangerous if their goal is to break in to your phone. However, there are various methods you can use to stop these rogue calls, some on the provider side and others on the end user side. Let me highlight some of the most popular ways to stop ghost calls:
Provider Side Fixes
- Make sure your provider is aware of port scanning (they should be) and verify that they have firewall rules to block port scans on their side. This at least ensures any port scans are coming directly to your IP address rather than via your phone provider.
- Auto-dialers tend to have a real phone number in their incoming caller ID. Get the provider to block all calls from that caller ID. Sometimes you can do this yourself from the provider's secure portal: just log in and block the associated rogue calls. However, note that auto-dialers are often more intelligent than that these days and change the caller ID number frequently, so it can be hard to stay on top of this. In that case, it is best to see what the provider can do to help.
End User Fixes
- Firewalls are your friend when it comes to ghost calls. Depending on your router you may be able to block port scans in the settings page for your router as they tend to be repetitive in nature and can be filtered and blocked.
- White-list IP addresses and ports. If you know that VoIP calls can only come from your phone provider and you have a list of the IP addresses and ports that the provider uses, you can set up a white-list and block all other traffic to your SIP ports (normally 5060). Unfortunately, typically only higher end routers such as those from SonicWall or Cisco support this, so it may not be an option for typical home or small office routers.
- Change the SIP port on your phone or ATA (Analog Telephone Adapter) so that it is no longer port 5060. Most port scans are sent to port 5060 as it is the most popular port used for SIP traffic (SIP traffic is what is used for VoIP calls). However, make sure this does not cause problems for your provider, for example if you choose a port that the provider cannot support for SIP messaging. Note however that this tends to be a temporary fix as eventually the scanner will find your new port.
- Modify ghost related settings in your phone or ATA device. There are too many manufacturers and models to mention in this post but here are some examples taken from the popular Grandstream HT701 ATA device, and also highlighted in Figures 1 and 2 below.
  - Validate incoming sip message (YES)
  - Check SIP UserID for incoming INVITE i.e. no direct ip calling (YES)
  - Allow Incoming SIP Messages from SIP Proxy Only (YES)
Figures 3 and 4 show settings for Yealink phones that can help prevent ghost calls from getting through, namely blocking direct IP calls and accepting SIP traffic only from a trusted server.
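To make the three device settings above concrete, here is an added example (not from the original post, and not Grandstream or Yealink firmware code) that applies the same checks to an incoming SIP message: source must be the SIP proxy, the message must be well formed, and the INVITE must address the phone's own user ID. The proxy range, user ID, function names and sample messages are assumptions constructed for illustration, using documentation IP ranges.

```python
import ipaddress

# Assumed values (not from the article): the provider's SIP proxy range
# and the user ID this phone/ATA registered with.
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.0/28")]
LOCAL_USER_ID = "15551230001"
REQUIRED = {"via", "from", "to", "call-id", "cseq", "max-forwards"}

def parse_sip(raw: bytes):
    """Return (method, request_uri, headers) or None if malformed.
    Compact header names and folded lines are not handled here."""
    try:
        lines = raw.decode("utf-8").split("\r\n\r\n", 1)[0].split("\r\n")
        method, uri, version = lines[0].split(" ")
        headers = {}
        for line in lines[1:]:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    except (UnicodeDecodeError, ValueError):
        return None
    if version != "SIP/2.0" or not REQUIRED <= headers.keys():
        return None
    return method, uri, headers

def uri_user(uri: str):
    """User part of sip:user@host, or None for a bare sip:host URI."""
    scheme, _, rest = uri.partition(":")
    if scheme not in ("sip", "sips") or "@" not in rest:
        return None
    return rest.split("@", 1)[0]

def screen_invite(raw: bytes, src_ip: str) -> str:
    """Return 'ring' or the reason the message is dropped."""
    if not any(ipaddress.ip_address(src_ip) in n for n in TRUSTED_PROXIES):
        return "drop: source is not the SIP proxy"
    parsed = parse_sip(raw)
    if parsed is None:
        return "drop: malformed SIP message"
    method, uri, _ = parsed
    if method == "INVITE" and uri_user(uri) != LOCAL_USER_ID:
        return "drop: user ID mismatch (direct IP call)"
    return "ring"

def sample_invite(uri: str, caller: str = "100") -> bytes:
    """Constructed INVITE for the demo; not captured traffic."""
    return ("INVITE " + uri + " SIP/2.0\r\n"
            "Via: SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bK-demo\r\n"
            "Max-Forwards: 70\r\n"
            "From: <sip:" + caller + "@198.51.100.7>;tag=demo\r\n"
            "To: <" + uri + ">\r\n"
            "Call-ID: demo-1\r\nCSeq: 1 INVITE\r\n\r\n").encode()
```

A scan that sends an INVITE for `sip:100@<your IP>` or a bare `sip:<your IP>` never makes the phone ring under these checks, which is why enabling all three settings together is more durable than only moving off port 5060.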
Ghost calls are real and very much a pain. Whether the result of a rogue unattended telemarketing auto-dialer or due to port scanning techniques from servers on the other side of the world, they must be stopped.
In this article we introduced the usual sources behind these calls and discussed ways to prevent them, both at the phone provider side and at the device side for the end user. Hopefully this can prevent you being rudely awakened in the early hours.
If you have had experience with ghost calls or had success using other methods please let us know in our comments section below.