In the past 24 hours, I’ve been receiving random internal phone calls to a ring group that seem to be “empty” – no sound or anything when I answer them.
The caller ID will show something like 1001, 40, or 109, which are not even in use as extensions or ring groups or feature code.
Here’s the FreePBX call log:
1.2013-02-13 07:09:21SIP/214-0…214"MyPhone" 214SIP/213-00…ANSWERED00:05
2.2013-02-13 06:43:29SIP/55.55…1001"1001" 299SIP/202-00…ANSWERED00:07
3.2013-02-13 06:43:20SIP/55.55…1001"1001" 299SIP/202-00…ANSWERED00:08
4.2013-02-13 06:43:10SIP/55.55…1001"1001" 299SIP/202-00…ANSWERED00:21
5.2013-02-13 03:31:22SIP/55.55…109"109" vmu200SIP/218-00…ANSWERED00:01
6.2013-02-13 03:31:12SIP/55.55…109"109" 299SIP/202-00…ANSWERED00:21
7.2013-02-13 03:31:01SIP/55.55…109"109" 299SIP/202-00…ANSWERED00:27
8.2013-02-13 02:48:49SIP/55.55…40"40" 299SIP/200-00…ANSWERED00:02
9.2013-02-13 02:48:46SIP/55.55…40"40" 299SIP/200-00…ANSWERED00:02
10.2013-02-13 02:48:35SIP/55.55…40"40" 299SIP/200-00…ANSWERED00:12
11.2013-02-13 02:07:00SIP/204-00…204"device" s…ANSWERED00:03
12.2013-02-13 02:06:52SIP/55.55…20"20" 299SIP/204-00…ANSWERED00:02
13.2013-02-13 02:06:50SIP/55.55…20"20" 299SIP/204-00…ANSWERED00:01
14.2013-02-13 02:06:40SIP/55.55…20"20" 299SIP/204-00…ANSWERED00:09
15.2013-02-13 01:25:24SIP/55.55…50"50" 299SIP/200-00…ANSWERED00:03
16.2013-02-13 01:25:21SIP/55.55…50"50" 299SIP/200-00…ANSWERED00:02
17.2013-02-13 01:25:14SIP/55.55…50"50" 299SIP/200-00…ANSWERED00:06
18.2013-02-13 00:44:11SIP/55.55…11"11" 299SIP/200-00…ANSWERED00:03
19.2013-02-13 00:44:08SIP/55.55…11"11" 299SIP/200-00…ANSWERED00:02
20.2013-02-13 00:44:00SIP/55.55…11"11" 299SIP/200-00…ANSWERED00:07
21.2013-02-12 23:28:18SIP/211-00…211"Kitchen" 202SIP/202-00…ANSWERED00:10
The top line is a “real” call placed from my desk phone to another phone as a test. 299 is my ring group.
The SIP/55.55 (numbers changed) is the beginning of my Internet IP address. All of my extensions are in the 200s, so Kitchen (211) is a legitimate extension, and that was probably a legitimate call, but all of the extensions, like 20, 40, 50, 11 are all new to me, and when I look in the FreePBX extension list, they don’t show up.
I checked my FreePBX and voip.ms call records, and it doesn’t look like any other calls are being placed with my account.
“Allow Anonymous Inbound SIP Calls” was already disabled.
And these ports are forwarded to my FreePBX machine:
10000-20000 UDP and TCP
5060-5082 UDP and TCP
5565 UDP and TCP
These have been forwarded for a while, probably a year. I know some of them were forwarded to allow the use of an Android softphone (CSipSimple in my case), and others were added to solve a one-way audio problem that we would experience.
fail2ban is running, and I have it set to e-mail me when it bans an IP (after a few failed attempts). Haven’t received any e-mail about a ban.
So I guess I’m wondering what could be going on! It’s very strange to me. Does anybody recognize these symptoms or have any suggestions?
I’m using FreePBX 2.9.0.12 and Asterisk 1.8.7.2