Ghost calls, also known as phantom calls are unwanted incoming calls that appear to originate from nonexistent or unreachable numbers. These calls often have no caller ID or show a strange, unfamiliar number. Ghost calls can be annoying and disruptive, especially when they occur frequently.
There are several potential causes for ghost calls in VoIP:
- Port Scanning: Attackers may use automated tools to scan IP addresses looking for vulnerable VoIP systems. When they find one, they may initiate ghost calls to test for vulnerabilities or to cause disruption.
- Spoofing: Callers can spoof caller ID information to make it appear as though the call is coming from a legitimate number, or even from the same number as the called party. This is a common tactic used by telemarketers and scammers.
- Misconfigurations: Incorrectly configured VoIP systems or firewalls can sometimes result in ghost calls being generated unintentionally.
- Dialer Software Glitches: In some cases, glitches in dialer software or VoIP equipment can cause calls to be initiated without proper authorization.
- Network Issues: Problems with network connectivity, such as packet loss or latency, can sometimes manifest as ghost calls.
Generally, ghost calls are calls directed at devices themselves, not stemming from the PBX. There is nothing that can be done on server side as this sip traffic does not pass through it.
Depending on manufacturer phones might have the option to restrict sip traffic to registered IP’s only, for example:
Yealink
Add the following to your UAD Auto Provisioning Template.
sip.trust_ctrl = 1
features.direct_ip_call_enable = 0
Poly
Add the following to your UAD Auto Provisioning Template.
<feature feature.urlDialing.enabled="0" />
</feature>
<voIpProt>
<voIpProt.server voIpProt.server.1.address="xxx.xxx.xxx.xxx" voIpProt.server.1.port="0" />
<voIpProt.SIP voIpProt.SIP.enable="1">
<voIpProt.SIP.outboundProxy voIpProt.SIP.outboundProxy.address="xxx.xxx.xxx.xxx" />
<voIpProt.SIP.requestValidation voIpProt.SIP.requestValidation.1.method="source" voIpProt.SIP.requestValidation.1.request="INVITE" />
</voIpProt.SIP>
</voIpProt>
Note: xxx.xxx.xxx.xxx = the FQDN or IP address of the SIP server.