Remote SIP phone constantly ringing

Just an FYI to possibly save someone a few hours of time trying to resolve a remote SIP phone ringing at a remote worker’s home.

Had an issue where the worker took a phone home from work and after a day or two the phone would start ringing constantly, with no one on the other end.

Monitored and TCPDumped at the office PBX looking for any sign of hackers coming in through the firewall and could never find any evidence of suspicious activity.

After a few hours of searching, I looked at some logs on the phone and could see some hacker traffic arriving at the phone, and causing it to ring.

Turns out SIP-ALG was enabled on the home user’s local router was setting up a helper for the SIP traffic and decided to send the hacker off to the phone. Turned off SIP-ALG and the calls stopped. To confirm the theory, I turned it back on and the hacker calls started up again.

I believe the term for this is NAT Slipstreaming.

Hopefully this will be helpful for someone.

Also, most phone manufacturers have a config option to only allow SIP from registrar or proxy server, or to disallow IP calling. This can accomplish the same thing.

1 Like

And this is not necessarily an ALG specific issue, in that you can get this problem with cheap routers even without ALG. Another band-aid is to change the local SIP port on the device from 5060 to some very high random number.

1 Like

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.