Weird random non-calls or empty calls on ring group

In the past 24 hours, I’ve been receiving random internal phone calls to a ring group that seem to be “empty” – no sound or anything when I answer them.

The caller ID will show something like 1001, 40, or 109, which are not even in use as extensions or ring groups or feature code.

Here’s the FreePBX call log:

1.2013-02-13 07:09:21SIP/214-0…214"MyPhone" 214SIP/213-00…ANSWERED00:05
2.2013-02-13 06:43:29SIP/55.55…1001"1001" 299SIP/202-00…ANSWERED00:07
3.2013-02-13 06:43:20SIP/55.55…1001"1001" 299SIP/202-00…ANSWERED00:08
4.2013-02-13 06:43:10SIP/55.55…1001"1001" 299SIP/202-00…ANSWERED00:21
5.2013-02-13 03:31:22SIP/55.55…109"109" vmu200SIP/218-00…ANSWERED00:01
6.2013-02-13 03:31:12SIP/55.55…109"109" 299SIP/202-00…ANSWERED00:21
7.2013-02-13 03:31:01SIP/55.55…109"109" 299SIP/202-00…ANSWERED00:27
8.2013-02-13 02:48:49SIP/55.55…40"40" 299SIP/200-00…ANSWERED00:02
9.2013-02-13 02:48:46SIP/55.55…40"40" 299SIP/200-00…ANSWERED00:02
10.2013-02-13 02:48:35SIP/55.55…40"40" 299SIP/200-00…ANSWERED00:12
11.2013-02-13 02:07:00SIP/204-00…204"device" s…ANSWERED00:03
12.2013-02-13 02:06:52SIP/55.55…20"20" 299SIP/204-00…ANSWERED00:02
13.2013-02-13 02:06:50SIP/55.55…20"20" 299SIP/204-00…ANSWERED00:01
14.2013-02-13 02:06:40SIP/55.55…20"20" 299SIP/204-00…ANSWERED00:09
15.2013-02-13 01:25:24SIP/55.55…50"50" 299SIP/200-00…ANSWERED00:03
16.2013-02-13 01:25:21SIP/55.55…50"50" 299SIP/200-00…ANSWERED00:02
17.2013-02-13 01:25:14SIP/55.55…50"50" 299SIP/200-00…ANSWERED00:06
18.2013-02-13 00:44:11SIP/55.55…11"11" 299SIP/200-00…ANSWERED00:03
19.2013-02-13 00:44:08SIP/55.55…11"11" 299SIP/200-00…ANSWERED00:02
20.2013-02-13 00:44:00SIP/55.55…11"11" 299SIP/200-00…ANSWERED00:07
21.2013-02-12 23:28:18SIP/211-00…211"Kitchen" 202SIP/202-00…ANSWERED00:10

The top line is a “real” call placed from my desk phone to another phone as a test. 299 is my ring group.

The SIP/55.55 (numbers changed) is the beginning of my Internet IP address. All of my extensions are in the 200s, so Kitchen (211) is a legitimate extension, and that was probably a legitimate call, but all of the extensions, like 20, 40, 50, 11 are all new to me, and when I look in the FreePBX extension list, they don’t show up.

I checked my FreePBX and call records, and it doesn’t look like any other calls are being placed with my account.
“Allow Anonymous Inbound SIP Calls” was already disabled.

And these ports are forwarded to my FreePBX machine:

10000-20000 UDP and TCP
5060-5082 UDP and TCP
5565 UDP and TCP

These have been forwarded for a while, probably a year. I know some of them were forwarded to allow the use of an Android softphone (CSipSimple in my case), and others were added to solve a one-way audio problem that we would experience.

fail2ban is running, and I have it set to e-mail me when it bans an IP (after a few failed attempts). Haven’t received any e-mail about a ban.

So I guess I’m wondering what could be going on! It’s very strange to me. Does anybody recognize these symptoms or have any suggestions?

I’m using FreePBX and Asterisk

Hi, my thoughts…

This could possibly be “someone/something” is trying to connect you anonymously. It may very well be hitting exten s in the [default] context…you can check out the logs to be sure.

Have you set NO to “Allow SIP Guests” in Asterisk SIP Settings?

Allow SIP Guests WAS on or set to yes. I just turned it to no.

Here’s the log snippet from a call I just received this morning. 555.555.555.555 represents my real IP.

I don’t quite understand it all, myself.