Ghost/Phantom Calls (from 1000, 1001, 120 etc.)

  • 3
  • 8
  • Question
  • Updated 3 years ago
  • Answered
  • (Edited)
Archived and Closed

This conversation is no longer open for comments or replies and is no longer visible to community members. The community moderator provided the following reason for archiving: We have archived this topic as it has either reached a resolution has become inactive, or information contained in this thread is no longer accurate. If you have a related question on this subject, please post a new topic.

Tickets have been open with support.  Receive many ghost calls and need help reaching a resolution. 
Photo of Raj


  • 140 Points 100 badge 2x thumb
  • that I have wasted my money and am now I am wasting my time

Posted 6 years ago

  • 3
  • 8
Photo of Kim

Kim, Alum

  • 44,084 Points 20k badge 2x thumb
Official Response
Hey Everyone, just wanted you to check below link for the updated Port Ranges
How do I troubleshoot Call Quality issues - QoS?

SIPVicious “friendly-scanner” Attacks --- SIPVicious is a free SIP security testing suite. SIPVicious scans IP addresses looking for SIP devices, helps identify active PBX extensions and provides a mechanism to crack SIP user passwords.

RingCentral is not responsible for fixing SIP port scanning attacks, and can only make recommendations. Selection, configuration and maintenance of customer network equipment is not handled by RingCentral. RingCentral is not your ISP.

SIPVicious can only be stopped by configuring a router to block SIP signaling from all but a selection of specific IP address ranges. Routers which support access control lists (ACL) can do this.

The only stable resolution is to lock down the SIP ports on the router to only allow inbound and outbound traffic to RingCentral IP networks and  SonicWALL routers or ACL (Access Control List) compatible Cisco routers can do this.  Most SOHO (small office/home office) routers do not have the capability to set up rules like these.
Photo of Dave Herron

Dave Herron, U.S. Tier 3 Support

  • 768 Points 500 badge 2x thumb
Official Response
This reply was created from a merged topic originally titled Why am I receiving calls from no one? Is RingCentral doing this to use my minutes....

As an engineer for RingCentral I can tell you with authority we are definitely not doing this to rack up minutes. This is actually a result of malicious intent. "Hackers" use a program called SIP vicious to probe people's networks and compromise phones. They then attack your phones by ringing them and ultimately get your login information from your phone. They can then use your specific login information to login to the RingCentral and make calls on your behalf. You can validate one of these attacks if your phone rings with a suspicious caller ID ("100") and then if you look in your RingCentral call log it will not show the call. That means the call didn't come through RingCentral servers, and the attackers have found a way in to your network. This can be mitigated one of 2 ways.
1. Recommended that you limit traffic to and from your phones ONLY from RingCentral IP addresses. You may need to enage the help of an IT professional to do this. The IP ranges you should be accepting traffic from are and