Ghost calls are a common occurrence that many phone users have experienced. Some of the frustration that accompanies receiving a ghost call is connected to the lack of control the recipient has in the situation. The calls may occur in the middle of the night or at other times that are inconvenient. The source of the call is usually unknown since ghost calls are typically the result of successful port scanning that is conducted by automated device discovery software.
What are Ghost Calls?
Ghost calls, also known as phantom calls, result when the calling entity does not leave a message or answer when the receiving party picks up the phone. Answering a ghost call results only in dead silence on the calling end. These calls can happen frequently and are often annoying and time-consuming.
Examination of the caller ID log often reveals an unusual pattern of incoming numbers that include area codes or prefixes such as 100, 1000, 1001. Because such numbers do not exist in reality, their presence in a call log is almost always an indication that the call originated from a phantom source.
Where Do Ghost Calls Originate?
Ghost calls rarely originate from a service provider but are often the result of automated port scanning. The port scans, which are usually random, are intended to uncover phone system vulnerabilities. A successful port scan may result in calls being billed to the scanned phone number while the actual caller remains undetected and, of course, not billed for any calls he or she makes using the victim's phone number.
SIPVicious is a well-known port scanner that is available at no cost. This tool tests for the presence of SIP (Session Initiation Protocol) ports that hackers can break into. If the scan is successful, the hacker uses SIPVicious to retrieve passwords and to clone the targeted phone system, which allows them to make calls that the victim will have to pay for.
Some ghost calls can be the result of auto-dialers that are used by telemarketers and bill collectors. The Federal Communications Commission (FCC) places restrictions on how long auto-dialers can be permitted to ring. A call will automatically disconnect once the FCC limit is reached, resulting in dead silence on the calling end.
How T Configure Phone Settings to Stop Ghost Calls
Ghost calls are annoying and can pose a risk to the phone user if the ultimate goal of the call is to discover system vulnerabilities that can be exploited. Fortunately, rogue calls can be stopped through the use of various techniques. The following section summarizes solutions that can be implemented by service providers and end users to curtail ghost calls.
Solutions Implemented by Service Providers
Phone users who receive ghost calls should alert their service provider about the existence of the problem. The consumer should verify that their phone company has carefully configured firewall protocols to block port scans. If the phone company has implemented appropriate measures, port scans would go directly to the user's internet address rather than through the phone provider.
Auto-dialers, unlike port scanners, usually have a legitimate phone number that will often display on the caller ID panel. In such cases, it is possible for the phone company to block specific incoming calls. The user may be able to block incoming calls by accessing the phone's call configuration panel. Since auto-dialers tend to change the caller ID number frequently, keeping the list of blocked numbers updated will likely become impossible after some time. In this case, it may be best to request the assistance of the phone service provider in blocking incoming calls from specific caller IDs.
Solutions Implemented by End Users
Port scans are usually automated and tend to be repetitive. Consumers can gain an advantage by using the router settings page to configure firewalls to block port scans. Some higher end routers, such as those that are used in business settings, support SIP traffic blocking. Although home routers may not have this capability, implementing this solution would allow the home user to white-list all IP addresses and ports that belong to their phone provider while disallowing communication from all other sources.
SIP traffic is used to make VoIP calls and port 5060 is the most commonly-used port for such calls. Changing the SIP port on a phone or phone adapter to something other than 5060 may be a solution but end users should always verify that the chosen port is one that their service provider can support for SIP messaging. A scanner will eventually be able to find the new port, which makes this solution viable as a temporary method pending implementation of a more robust long-term plan.
Users can also modify settings on their phone or ATA device to eliminate some of the vulnerabilities that may result in successful port scans. The type of customization required by this solution will likely vary for each manufacturer and model number but the following summary may clarify best practices pertaining to call configuration options.
There are four major settings that should be configured to prevent ghost calls, including SIP messages, SIP proxy, direct SIP calls and SIP trust server. Each of these settings will now be addressed in turn.
Settings for Incoming SIP Messages
- Enable validation of all incoming SIP messages.
- Enable checking of User ID for incoming invite. When this setting is enabled, direct IP calling will be disabled.
Settings for SIP Proxy
- Incoming SIP Messages should be allowed only for the SIP Proxy.
- The SIP contact register should be configured to use LAN (local area) instead of WAN (wide area) addresses.
- Use of privacy header and P-Preferred-Identity header should be kept at the default setting.
Settings for Direct SIP Calls
All direct IP calls should be blocked.
Settings for SIP Trust Server
Configure the phone to accept SIP traffic only from a trusted server.
Despite what their name might imply, ghost calls are very real and annoying. This is true whether they originate from automated port scanners or auto-dialer software. Fortunately, there are concrete measures that phone service providers and end users can take to put a stop to these types of calls. This article summarized some of the most common sources of phantom calls and provided steps that may be taken to prevent their occurrence in the future.