Asterisk ghost calls

asterisk local-area-network voip

Problem

We have an Asterisk server hosted externally. At four locations we've gotten ghost calls. These are calls with different numbers like 1000, 9999 or 6060. We don't use these numbers, not even that range.

NB: I've asked a question about this before, but that didn't result in a solution.

A while ago one phone (123) had this problem. This phone was used at home by an employer. I ordered it back, and gave the employer a new phone with a new number (124). I connected the 123-phone in my office, and never had a problem. The 124-phone started to have problems after several weeks, so not right away.

To me this seems like a problem that originates in the home network of the employee.

  • We've had this problem in three different homes.
  • All these users have routers at home, so the phones are not connected to the internet directly.
  • We don't get this problem at the office, I suppose we have better protection there.
  • The problems don't stay forever. They come and go, then come back.

I've looked in the Asterisk logs several times, but couldn't find anything related.

Questions

I would like to know how this works.

  • Do these calls originate from the home LAN of these employers?
  • Does the Asterisk server play a role here?
  • What can cause this? Is this malware on a laptop?
  • Is it some harmless process that connects to this phone and causes the phone to think a call is made?

And of course:

  • How can we get rid of these calls?

Best Answer

It's a brute force; Asterisk servers always get that kinda thing if connected to the public IP.

My solutions are:

  • Install fail2ban; fail2ban will set the iptables rules and reject IPs with continuous failed attempts against Asterisk
  • Disable guest SIP login: put allowguest=no in sip.conf
  • In case you're using a VPN, set the from sip external in your PBX
  • Set the [default] context to empty.
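
To check a log for the pattern this answer describes, the following added example (not part of the original answer) counts failed registrations and rejected unauthenticated calls per source address, which is the counting fail2ban automates before it bans an address. The two log-line formats are assumed to be chan_sip NOTICE messages, the sample lines are constructed, and the `maxretry` threshold of 5 is an illustrative value.

```python
import re
from collections import defaultdict

# Assumed chan_sip NOTICE formats: a failed REGISTER and a rejected guest call.
REG_FAIL = re.compile(r"Registration from '.*?sip:(?P<who>[^@>']+)@.*?' "
                      r"failed for '(?P<ip>[\d.]+)(?::\d+)?' - ")
GUEST_CALL = re.compile(r"Call from '.*?' \((?P<ip>[\d.]+):\d+\) "
                        r"to extension '(?P<who>[^']*)' rejected")

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = "\n".join(
    [f"[2024-01-10 03:12:0{i}] NOTICE[2211] chan_sip.c: Registration from "
     f"'\"{u}\" <sip:{u}@192.0.2.10>' failed for '198.51.100.7:5071' - Wrong password"
     for i, u in enumerate(["1000", "9999", "6060", "1000", "9999"])]
    + ["[2024-01-10 03:12:09] NOTICE[2211] chan_sip.c: Call from '' "
       "(198.51.100.7:5071) to extension '6060' rejected because extension "
       "not found in context 'default'.",
       # A single mistyped password from a known phone stays under the threshold.
       "[2024-01-10 08:30:00] NOTICE[2211] chan_sip.c: Registration from "
       "'\"124\" <sip:124@192.0.2.10>' failed for '203.0.113.20:5060' - Wrong password"]
)


def scan(log_text):
    """Map source IP -> [failure count, set of users/extensions it tried]."""
    seen = defaultdict(lambda: [0, set()])
    for line in log_text.splitlines():
        m = REG_FAIL.search(line) or GUEST_CALL.search(line)
        if m:
            seen[m["ip"]][0] += 1
            seen[m["ip"]][1].add(m["who"])
    return seen


def offenders(log_text, maxretry=5):
    """Return {ip: sorted targets} for addresses with at least maxretry failures."""
    return {ip: sorted(who) for ip, (count, who) in scan(log_text).items()
            if count >= maxretry}


if __name__ == "__main__":
    for ip, targets in offenders(SAMPLE_LOG).items():
        print(ip, "tried", ", ".join(targets))
```
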