Why Does “admin” Keep Calling My SIP Phone?


“Why does Admin keep calling my customer’s  SIP phone?  And when they answer nobody is there.”

This is a question that we receive frequently from new hosted PBX resellers.  Usually followed by the observation that there are no call logs available on the switch to evidence the call.

The answer is usually that the customer has become a victim of SPIT (yes, SPIT  a.k.a Spam over Internet Telephony).  In the VoIP world, SPIT is pretty common. Nefarious types looking to commit toll fraud will probe random IP addresses with a SIP dialer looking for a reply to a SIP INVITE.  When they find one, they will try to break into the web UI of the phone to setup call forwarding to expensive destinations.  When configured with default settings, most SIP phones will send a response to any INVITE they receive.  This has the unfortunate effect of  alerting the hackers to the presence of a SIP end-point and , annoyingly for the user,  ringing the phone.

Unfortunately, incidences of this behavior have become more common since the release of the SIP scanning tool called SIP Vicious.   The “admin” shown on the receiver’s Caller ID reflects the root username of the server’s administrator when the program was installed.  Other common Caller ID values are “friendly-scanner”, “1000” or no name at all.

As discussed in this serverfault post, there are several approaches that can be used to to thwart these efforts.  Many require technical skills to be able to do things like fine-tune firewall rules or send the malicious probe an invalid SIP response.  A much easier way to combat this nuisance is to configure the SIP phone  to only accept inbound calls from the server that the phone is registered to (although this option is not available for all manufacturers).

Of course, at SkySwitch we configure this option for SkySwitch hosted PBX resellers whenever possible.  As with all device options, it can be enabled for a single customer, or an entire office, with a single override in the fully-automated SkySwitch device provisioning server.

Remember:  Your success as a hosted PBX reseller depends on your ability to customize the look and operation of the phones that you deploy.  SkySwitch makes this easy to do. The SkySwitch device provisioning server enables remote provisioning and management of all the major SIP phone and ATA devices, including Polycom, Yealink and Cisco among others.   To learn more, contact a SkySwitch white label VoIP specialist today.