Ghost Calls – Can Be Scarry!!!

So what is a Ghost Call? If you are receiving  calls with a caller ID of 100, 1000, or some random number; but when you pick them up nobody is there, this is a Ghost Call. This usually means someone has detected that you are using voice over IP and is trying to connect to your PBX or Hosted Phones. This is always an annoyance as your phone will continually ring but worst than that this is a sure sign someone is trying to gain access to your voice over IP service or PBX. The hacker hopes to gain access and then make International calls on your dollar or maliciously corrupt your programming.

So how do these attacks happen? Hackers are using a freeware program called SIP Vicious to scan public IP addresses to look for SIP traffic on port 5060 which is the default SIP Port used in VoIP. They can find individual extensions, SIP Trunks and system access ports. SIP Vicious was designed as a tool to actually test your SIP installation against this kind of vulnerability. It also has the ability to attempt a brute force attack on your passwords.

If an attacker figures out your password they can run up a large bill in a very short period of time. They will try to make international calls, which you will be held liable for. We had one customer run up $3000.00 in 30 minutes. Also, they can make it seem like you are suffering a DDOS attack on your public IP making it hard to make and receive calls.There are other risk involved but you get the idea. Ghost Calls are no joke and need to be immediately addressed.

So what is the solution? As in any network solution you need to make sure you have security measures in place. First, use strong passwords. Always  use a sixteen bit password. Second, block all traffic on port 5060 except from IP addresses of your provider. Third, you should disable  international calling if you do not use it. If you do use it then restrict it to the countries you call and use a PIN to allow access so it is not wide open. Fourth, only allow connections to your system from local IP addresses and create rules for all remote IP addresses of phones outside the office. This requires all remote connections to have static IP addresses. Sometimes when you have mobile sales folks it is best to install a VPN on their device so they can connect from anywhere and still secure the router. Finally, lock down any remote access ports to your PBX. Even with strong passwords on the system the idea is that they cannot even get through the firewall to the PBX or phones.

If you are in the process of migrating to a Voice Over IP solution make sure you discuss VoIP security with prospective vendors. If they are vague in this area you need to move on until you find one that is security savvy. If you have an existing VoIP solution in place it is worth your while to revisit this with whomever is managing your router and providing your telephone service. Often the Router and Telephone people are two different companies. Although the telephone people may not manage the router it is still their responsibility to articulate to the IT vendor what needs to be set up. Remember, Ghost Calls are a sure sign that things are not locked down.

If you have an existing VoIP solution in the Tampa Bay area and  are receiving ghost calls and your telephone provider does not know what it is or does not know how to fix it, please give us a call. We want you to love your phones.

Drew Martin