bvoip-guides.png

How to block "ghost calls" coming in from 100,1000,10000, etc on your Yealink & Grandstream phones

The symptoms :  

  • Phones will ring with 100,1000, or 10000 as the caller-ID and no one will be on the other end.
  • It could happen just once just like it could happen many times a day, every day.
  • Inspecting the logs of your phone system or voip provider will not show these calls at all.

These calls are being mass made by a so called “sip auditing tool” called SipVicious. It will scan entire IP ranges and ring all the voip phones in that range that it can reach. This means SipVicious can only scan phones on it’s local network, phones that aren’t behind a router, or phones that have port forwards pointing to it. As a result, this mostly happens to remote extensions / people using a hosted voip provider.

As the amount of these scans has grown, phone manufacturers have started adding extra protection. There are 2 settings that need to be changed in your Yealink phone to stop these sip attacks.  

 

yealink firmware.png

1. "Allow IP Call".   You can find it in Features / General Information and it should be DISABLED.  Click confirm to accept the change

 yealinksecurity01.png
2. "Accept Sip Trust Server Only" is the most important one.  This setting is under Account / Advanced, at the very bottom.  It should be ENABLED and you need to do this for EVERY ACCOUNT ON THAT PHONE.  This makes the phone only accept invite requests from the server it's registering to. 

yealinksecurity02.png

That's it!  Your Yealink phone will no longer accept calls from unknown sources. 

Extra Information : 

Some older firmwares don’t have the “accept sip trust server only” setting, but you can manually add it to your provisioning file. (I will show you how to change the configuration files without having a provisioning server in a future article).
In your Yealink configuration file, add the follow line :
account.X.sip_trust_ctrl = 1
X is the account on the phone. If you have multiple accounts (lets say 3) you need to add this line 3 times with X as 1,2, and 3.
This next parameter is probably already in your configuration file, just needs to be set to 0.
features.direct_ip_call_enable = 0