I have a couple customers whose phones are ringing all day long from various IP addresses. The calls do not show up in the Asterisk call log. These users are connected to the server on port 5060 so my assumption is that someone is sniffing port 5060 and calling these phones directly somehow. Does anybody know how to stop this? The phones in questions are a Polycom and a Grandstream ATA. No caller ID information is displayed aside from an IP address on the Polycom.
Use a firewall. Anything on port 5060 that is exposed to the internet will get attacked.
And you should set allowguest=no.
If you want to run you Asterisk on a public IP, you better know what you are doing. VoIP is a very abusable service, because there is a bunch of admins that put VoIP servers on the internet and don’t secure it. Don’t be one of those who get a hudge phone bill at the end of the month because their server was hacked.
He’s running the phones on a public IP. There isn’t enough information to know whether Asterisk is reachable.