Mysterious calls from non-existent extension

One of our remote VOIP phones is suddenly getting multiple calls from extensions that do not exist.
On the user’s phone it will list extensions like “100”, “101”, “1000”, “200”, etc… On some, it
showed the extension as “‘hi’ OR ‘x’=‘x’”.
These calls do not show up in the CDR log.
I looked in our FreePBX settings and see that under Settings – Asterisk SIP Settings, Allow Anonymous SIP calls is set to NO.

I suspect someone is trying to hack into his phone on his local network.
Does anyone have insight into this?

Thank you!

It could be a exploit originating from the local lan of the phone, but much more likely to be unauthenticated SIP packets ‘leaking’ inbound through the router. Changing the local phone SIP port (not the PBX SIP port) will make these go away.

1 Like

Don’t know which phone brand you are using, but many have a setting where you can block incoming invites that do not originate from your server’s address.

Or… You can open these ports from Trusted addresses only.

For Yealink phones use :


Thank you to all for your responses. We have, apparently, solved the problem by changing the phone’s transport from UDP to TCP. Making this change also changed the port through which it connects to the server.

FYI…The phone in question is a Yeallink T46G.

Again, thank you for everyones’ responses.


This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.