From time to time our support team might tell you that some unexpected behaviour that you witnessed may be a result of port scanning. This article is designed to clarify what this means to you.
All about computer ports
To understand port scanning, it is useful to have a basic understanding of computer ports.
When you connect a device to the internet (for example, your computer or VoIP phone) it uses your internet connection to send and receive messages to other devices. Messages are sent to your device using an IP address, which is a unique identifier (similar to a postal address or telephone number).
It's very likely that your device will be doing several things on the connection at once. For example, imagine that you had a softphone running on your computer that you used to make and receive VoIP calls through the Gradwell system. You would also use your computer for browsing the internet.
If your computer was making a VoIP call and surfing the internet, you could easily have two lots of messages being delivered at the same time. Your computer would need a way to know whether the message should be sent to your web browser or your softphone application.
To assist with this, your computer also uses something called ports. You will have thousands of these on your computer. When you initiate a connection to the internet, a port will be used for it. For example, web browsers usually use port 80. Many softphones will use port 5060 for setting up VoIP calls.
Your port number will be added to your IP address and is used by your computer to successfully send received messages back to the original application. A moment ago we said that an IP address was a bit like your postal address. Adding a port number is like adding a name to that address - we can both get the message to your building, and now to the exact person that the message is for within the property.
What is port scanning?
Port scanning is the act of systematically attempting to find out what ports on a computer are open. Some ports are left "open" permanently because an application does not know when a message will be received. For example, your VoIP phone does not know when someone will ring you. Therefore it will keep a port open so that when our system sends a message to say that someone wants to call you it can be delivered to the phone.
Open ports can be a route into your computer, so somebody may use port scanning to find open ports in an attempt to break into your computer.
It's worth stressing at this point that ports being left open is completely normal in computing, and usually there are no issues with doing this.
Port scanning can also be a relatively normal occurrence because software can be used to automate the process in an attempt to find a single insecure device in amongst millions of potential IP addresses.
How may I know that I am being port scanned?
The first that many of our customers know that port scanning is occurring on one of their VoIP devices is when their phone exhibits weird behaviour. For example, the phone might ring for no reason. This is because messages are being sent to the port that the phone is using to be notified of incoming calls in an attempt to see if that port is open. Your phone may interpret these messages as an inbound call and ring.
What should I do if I'm being port scanned?
The best thing you can do if your device is being port scanned is to ensure that it is secure:
- The web interface password of the device is not set to the manufacturer default. Please note that if you purchased the phone from Gradwell we will have done this for you automatically
- The firmware used to run the phone is up to date. Firmware is the software used to run the phone, and manufacturers release updates from time to time to resolve security and performance issues. Please note that if you purchased the phone from Gradwell the firmware will be up to date at the time of purchase.
- Yealink: if you purchased your Yealink phone from Gradwell then contact our customer services team, who can remotely apply a fix to your device. It would be helpful if you could supply us with the MAC address of your device, which is usually found on a stick on the back of the phone
- Grandstream: If you use a GXP20xx series, GXW40xx series, HT502/503 or GXP21xx/14xx series phone, try enabling SIP User ID for incoming INVITE (this is found under SIP account settings on the phone's web interface)
- Panasonic: the KX-TGP500B02 phone has a proprietary feature called SSAF, which one of our customers has successfully used to stop port scanning. Follow the instructions on page six of this guide to enable this feature