Page 1 of 1

Spam call HELP

PostPosted: 07/30/2019
by tijeff9
hello, it's been some year that I am with freephoneline without any problem, for some time I receive spam call, I can receive between 50 - 100 call in a row, I opened a ticket freephoneline and he tell me that his sorry but he can not do anything if I manually enter the call to block them in my home phone, someone can help me? or do you have a company that can filter spam call thanks for your help

Re: Spam call HELP

PostPosted: 07/30/2019
by Liptonbrisk
tijeff9 wrote: I can receive between 50 - 100 call in a row

Do these calls or ringing correspond with different numbers (that clearly aren't normal phone numbers) on your call display? 100, 1000, 1001, 999, (or "admin") etc? If so, those aren't calls. They're SIP scanners. SIP scanners are programs written by crackers (script kiddies). They look for ways to break into your home network by scanning for open ports. Typically, they'll scan for common service ports to see if they're open, such as UDP 5060, 5061 and a few others (some scan for a lot more than that). If a port is open, they can access your ATA (and, potentially, other devices on your LAN). Your phones will ring with caller IDs appearing as 1001, 999, something else that's clearly not a regular phone number, etc. These crackers will try to make free calls using your services (or much worse). That's why it's important to have a good NAT firewall in a router protecting your ATA, computers, and other devices on your LAN (local area network) and to never port forward or use DMZ. Port forwarding is a security risk. Enabling DMZ is even worse.

1) What brand and model ATA are you using?

2) In regards to the router you're using, read point A below.

Typically, for VoIP SIP services, especially for Freephoneline, you want

A) a router that does not have a full cone NAT,

Visit ... es-of-nat/.
Mango from the forums writes,
“Use a restricted cone NAT router, and do not use port forwarding or DMZ. Restricted cone NAT will only permit
inbound traffic from the service provider you're registered to. If you have a full cone NAT router, it will allow traffic
from any source. This is probably not what you intend.
If you have a Windows computer, you can test your router using the utility here:,22292023. To run it, use stun from a command prompt.”
Essentially, you download the file; extract the stun.exe file from within the zip file to an easily
accessible location; use an elevated command prompt (visit ... inistrator); change directory (cd) to the
directory or location where you extracted stun.exe (visit ... c-commands); and type “stun” without
the quotation marks followed by the enter/return button on your keyboard.
Asus routers, at the time of this writing, produce port restricted cone NAT routers, for example and are fine,
provided you’re using one with Asuswrt-Merlin, third party firmware installed.

B) a router that lets you disable SIP ALG if it's buggy,

To understand why SIP ALG often causes horrible problems, please visit (scroll down to the section on SIP ALG problems).

If you're dealing with a modem/router combo issued by an ISP or a router with SIP ALG forced on, you may have
to use for the Proxy Server. The purpose of is to circumvent
faulty SIP ALG features in routers.

C) a router that allows you to set QoS or assign highest priority to your ATA or IP Phone over all other devices on your LAN (local area network),

For a very general description of what QoS can do for you, visit
The basic idea is if you're torrenting or have a bunch of other computers, smartphones, tablets, etc. downloading and uploading (hogging all your available bandwidth), you don't want
your ATA not to have access to enough bandwidth to make or receive calls properly. So QoS or a Bandwidth Monitor feature (which is just another form of QoS) is a really good idea for VoIP users.

I often get an occasional relative complaining to me, "Hey my calls sound choppy." And then when I go visit, some kids are playing MMOs on a computer, while another person is downloading a huge file,
and another person is backing up files to a cloud service all at the same time someone else is trying to talk on the phone. All those devices, without QoS enabled, are fighting over available bandwidth along with the ATA.

and D) A router that lets you adjust both Unreplied and Assured UDP timeouts.

Thanks to Mango, many of us now understand that in order for ATAs to remain registered and working properly with a VoIP SIP provider like Freephoneline, in particular after power failures, the following conditions must be met:

UDP Unreplied Timeout (in your router) < SIP OPTIONS Keep Alive Interval (in your ATA; for Obihai ATAs this is X_KeepAliveExpires) < UDP Assured Timeout (in your router) < SIP Registration Failure Retry Wait Time:(or RegisterRetryInterval in Obihai ATAs)

“<“ means less than.

When a modem leases a new IP address, a problem can arise where prior associations using the old IP address are maintained in the router. When the ATA attempts to communicate using the old IP address, the response is unreplied, and then if the UDP Unreplied timeout is greater than the Keep Alive Interval (and UDP Unreplied timeout is often set to 30 by default in consumer routers) a problem arises where the corrupted connection persists. If UDP Unreplied timeout is, for example, 17, and the NAT Keep Alive Interval is 20, then the corrupted connection will timeout or close. A new connection will be created, and everything will work fine.

Another problem can occur when the Keep-Alive interval is greater than UDP Assured Timeout (often 180 by default in consumer routers): the NAT hole will close due to the ATA not communicating frequently enough with the SIP server. In turn, incoming calls may, intermittently, not reach the ATA. Again, X_Keepalives expires is supposed to be 20 with FPL.

(the above settings are making reference to those in Obihai ATAs)

Getting access to both UDP Unreplied Timeout and UDP Assured Timeout settings in consumer routers may be difficult, if not impossible. Asuswrt-Merlin (I would avoid any model below/less powerful than an RT-AC68U), third party firmware for Asus routers, does offer easy access to these two settings, which are found under General–>Tools-->Other settings. My understanding is that third party Tomato firmware has these two settings as well. So if your router supports Tomato firmware, that may be another option. Note that I will not be held accountable any damage resulting from failed firmware updates. Apparently, Mikrotik routers also allow users to change both Assured and Unreplied UDP timeout settings as well: ... 2115672/2/

The keep alive interval for FPL is 20. The SIP Registration Failure Retry Wait Time is 120. I use 17 for UDP Unreplied Timeout and 117 for UDP Assured Timeout.

ISPs do not issue customers routers that can do all four things I just listed. Typically it's far better to have your own router with strong QoS functions and a restricted cone NAT firewall,
disable whatever SIP ALG feature is enabled in the router, and stick whatever modem/router combo your ISP gives you into bridge mode. For Bell Hubs, visit ... r-1993629/. For Rogers, visit ... ridgemodem.

Re: Spam call HELP

PostPosted: 07/30/2019
by Liptonbrisk
tijeff9 wrote: if I manually enter the call to block them in my home phone, someone can help me?

Have you answered any of these calls? If so, log in at If the call you answered is not listed, then it wasn't a real call. It's more likely to be a SIP scanner. ... s-received ... host+calls ... y-1691509/

If these are actual calls and not SIP scanners/port scanners or hackers, you could manually add numbers to a phone handset's call block list (your phone would need to offer a call block feature).
Alternatively, if you have a Linksys ATA, you can use the method located at viewtopic.php?f=14&t=2337&p=13266 to sending incoming calls directly to Freephoneline's voicemail system.
If you have an Obihai ATA, the Telemarketing section starts at the bottom of page 25 of the PDF guide located at viewtopic.php?f=15&t=18805#p73839.

However, scammers and telemarketers can spoof or fake whatever outgoing Caller ID name and outgoing Caller ID phone number they want. So a scammer could call people while spoofing your phone number and name. If someone call blocks your phone number, that person is blocking your legitimate phone number. After a number has been blocked, the telemarketer or scammer can then change the outgoing caller ID to a different phone number and different name.

or do you have a company that can filter spam call

No, they don't. However, Obihai ATA users are able to make use of Nomorobo as explained in the PDF guide. Nomorobo does not catch everything.

Re: Spam call HELP

PostPosted: 07/30/2019
by tijeff9
hello thank for you answer

i have a grandstream ata h701
and i have bell router borne 3000

i dont want to add manually all the number , is not the same at all call

i send you a call log to view whant is the call

Re: Spam call HELP

PostPosted: 07/30/2019
by Liptonbrisk
tijeff9 wrote:i dont want to add manually all the number , is not the same at all call

Okay, those are actual calls and not SIP scanners.
The country code, 55, is Brazil.
Perhaps you are being targeted by this scam: ... -1.3801297 ... index.html

I can, with an Obihai ATA, use wildcards to send all calls starting with 55 elsewhere (to another phone number or to FPL's voicemail system).
The Obihai PDF guide I mentioned earlier explains how to do that: viewtopic.php?f=15&t=18805#p73839.
For example, XX. means match any phone number you dial.
55XX. means match any number starting with 55.

You would need a phone set with a call blocking feature that allows wildcards or allows you to block numbers that have a pattern.
I've never used this product and know nothing about it, but this might help: ... B0191XMBV2.
I'm not advocating that you buy it. I've never used it. I have no clue whether it allows you to block country codes. There may be similar products available.

I'm not aware of a way to route telemarketing calls elsewhere with Grandstream ATAs. Obihai ATAs offer more powerful call routing features.