1. SIP Port Scanning (The Most Common Cause)
- Targeting Port 5060: Hackers use automated tools (such as "SIPVicious") to scan IP addresses for open SIP ports, with 5060 and 5061 being the most common targets.
- Triggering a Ring: When a scanner hits an open port on your fiber router, it sends a "SIP INVITE" message. The router forwards this to your VoIP device (IP phone or ATA), causing it to ring.
- Result: When you answer, there is no audio because it is not a genuine call, just a vulnerability scan.
2. Misconfigured Firewall or Router Settings
- Exposed VoIP Devices: If your SIP phone or Telephone Adapter (ATA) is directly facing the internet without being protected by a firewall, it will receive these scans constantly.
- SIP ALG (Application Layer Gateway): Many routers have a feature called SIP ALG enabled by default. While meant to help VoIP traffic pass through NAT (Network Address Translation), it often disrupts it, leading to ghost calls or one-way audio.