Message 21 of 27

Re: Being attacked constantly since upgrading to the new 900 fibre service and using the DECT phones

Remember that the advertising is "EE powered by BT"; already many (most?) BT routers no longer offer "BT WiFi" but now offer "EE WiFi" - if you have not disabled that, yours too will be offering "EE WiFi" just like most others - by offering this it allows you to use "EE WiFi" Hotspots all over the country. It is highly likely that BT and EE utilise the same pool of IP addresses.

There are in theory 2 to the power 32 (about 4 billion) IPv4 addresses in total, however for practical purposes only about 3.5 billion can be used. Large companies and especially ISPs have been allocated blocks of these which they then allow their customers access to. Companies that host for example large numbers of web sites will require many of these IP addresses for the web servers (even though one webserver may host multiple websites). This results in ISPs often not having enough IP addresses for all their customers on occasion so they borrow additional blocks of addresses from other companies.

Anyone can work through all the IPv4 addresses simply by counting from 0 up to 2**32; for simplicity the display of these numbers is broken up into the 4 bytes that make up the 32-bit integer and the value of each byte is displayed separated by a dot.

I don't know why your router did not receive any attempts to scan it before, perhaps a software upgrade has resulted in some changes (you can see when the firmware was last updated through the GUI).

This problem is not new, I remember back in the mid-late 80's computers being probed through X.25 (PSS or IPSS being used back then) and certainly in the early 90's when on TCP/IP.

Anonymous
Message 22 of 27

Re: Being attacked constantly since upgrading to the new 900 fibre service and using the DECT phones

I'm certain whoever it is, is trying to get at me through the phone. I've stopped using the DECT phones and sent them back to BT, but I'm using my landline via one of the adaptors instead, so it's still the same system.

Received a phone call a few minutes ago, I didn't answer as the number was not recognised by myself and no message was left. Looking the number up on Google I cannot find any information, but more than likely some spam call.

Router logs show

10.52.40 SIP (some number starting with p) RECV INVITE

10.52.40 SIP (some number starting with p) SEND 180 INVITE

10.52.40 DoS(Port Scanning): IN=ppp0 OUT= MAC= src=159.192.104.177 DST=My current IP address LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=41812 DF PROTO=TCP SPT=23235 DPT=2209 WINDOW=0 RES=0x00 URGP=0 MARK=0x8000000

10.53.10 SIP (some number starting with p) RECV CANCEL

10.53.10 DSP (some number starting with p) - CallEnd Underruns 44 PeakUnderruns 21

10.53.10 SIP (some number starting with p) SEND 200 CANCEL

10.53.10 SIP (some number starting with p) SEND 487 INVITE

10.53.10 SIP Error responses sent - Mon Jan 29 10:53:10 2024, INVITE, 487, ip address which I think belongs to BT as it always shows the same one located at Bristol

10.53.10 SIP RECV ACK

10.53.17 SIP RECV NOTIFY

10.53.17 SIP SEND 200 NOTIFY

This has happened quite a few times over the last couple of months, 5 incoming phone calls which I blocked as they were showing spam calls when looked up, port scan exactly the same time and 1 incoming phone call from a friend, port scan exactly the same time. I know people can get your landline numbers marketing etc, any company that has been breached in the past if they had your info. I did answer a call in December as it was showing the same area code I live in so thought it was a relative, I only said hello, realised it was a spam call when they mentioned boilers and loft insulation, put phone down and blocked, but if they were ringing me from a computer and port scanning same time, would the phone show my IP address to them at their end? Just wondering as that is roughly when these attacks started.

 

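Added example, not part of any post in this thread and not the router's own tooling: one way to measure whether port-scan entries in a log of the format quoted above cluster around incoming calls more often than a steady background scan rate would produce. The sample log is constructed (RFC 5737 documentation addresses, a made-up SIP identifier), and the function names and the 5-second window are assumptions.

```python
import math
import re

# Constructed sample in the log format quoted above; addresses are RFC 5737
# documentation ranges and "(p-redacted)" stands in for the SIP identifier.
SAMPLE_LOG = """\
09.02.11 DoS(Port Scanning): IN=ppp0 OUT= MAC= src=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40211 DPT=23
09.41.55 DoS(Port Scanning): IN=ppp0 OUT= MAC= src=198.51.100.23 DST=192.0.2.10 LEN=44 PROTO=TCP SPT=51820 DPT=8080
10.52.40 SIP (p-redacted) RECV INVITE
10.52.40 DoS(Port Scanning): IN=ppp0 OUT= MAC= src=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=23235 DPT=2209
10.53.10 SIP (p-redacted) RECV CANCEL
11.30.02 DoS(Port Scanning): IN=ppp0 OUT= MAC= src=198.51.100.99 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=6000 DPT=445
12.15.30 SIP (p-redacted) RECV INVITE
12.47.19 DoS(Port Scanning): IN=ppp0 OUT= MAC= src=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=33001 DPT=22
"""

LINE = re.compile(r"^(\d\d)\.(\d\d)\.(\d\d) (.*)$")   # HH.MM.SS then the message
FIELD = re.compile(r"(\w+)=(\S*)")                     # key=value pairs; value may be empty

def parse(log):
    """Return (scans, invites): scans are (seconds, fields) pairs, invites are seconds."""
    scans, invites = [], []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        t = int(m[1]) * 3600 + int(m[2]) * 60 + int(m[3])  # assumes a single day's log
        body = m[4]
        if body.startswith("DoS(Port Scanning)"):
            scans.append((t, {k.lower(): v for k, v in FIELD.findall(body)}))
        elif body.startswith("SIP") and body.endswith("RECV INVITE"):
            invites.append(t)
    return scans, invites

def coincidence(log, window=5):
    """Observed scan/call overlaps versus the number a constant scan rate predicts."""
    scans, invites = parse(log)
    if not scans or not invites:
        return None
    times = [t for t, _ in scans] + invites
    span = max(max(times) - min(times), 1)
    rate = len(scans) / span                      # scans per second over the logged period
    p_chance = 1 - math.exp(-rate * 2 * window)   # Poisson: at least one scan within +/- window
    hits = sum(any(abs(t - c) <= window for t, _ in scans) for c in invites)
    return {"calls": len(invites), "hits": hits,
            "expected_hits": p_chance * len(invites), "rate_per_hour": rate * 3600}
```

Run over weeks of log rather than a handful of lines, `hits` close to `expected_hits` points to background scanning, while `hits` far above it means the scan entries really do track call times and the router vendor should be asked what triggers that log entry.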
Anonymous
Message 23 of 27

Re: Being attacked constantly since upgrading to the new 900 fibre service and using the DECT phones

Could an admin please explain why every time someone rings in to our landline, a port scan starts at exactly the same time? A taxi service rang today automated call just to let us know car was on its way, at exactly the same time a port scan came in from the same Chinese company, which is always the one to attack first when a variation of the IP address I have happens.  We are still worried sick something is happening with the phone line, this is definitely not a one off or coincidence, it has happened loads of times now 😞. Is it possible someone is listening in, I've checked diverts etc are off which it states they are? Would an admin also please erase the IP address I mentioned on the above post, just in case whoever it belongs to is also viewing this forum, thanks

Anonymous
Message 24 of 27

Re: Being attacked constantly since upgrading to the new 900 fibre service and using the DECT phones

Hi.

I reset the router this morning with my computer and TV turned off, kept the computer off until 6pm and then checked the logs. I'd been given a brand new IP address, totally different for a change, so things were looking good, until I checked the router logs. At 2pm, there had been one port scan to the new IP address. I recognised the attacker's IP number straight away, as it is always the same one which attacks first, whenever the IP address has been altered (based in China). How on earth can someone get a new IP address when my computer is not even turned on. It has also been totally wiped a few weeks ago, memory totally cleared too, nothing found when running scans on it, so as far as I am aware it's safe. I don't think it's a case of the new IP address is already compromised too, otherwise why is it the same IP address that always gets the new number first? I'm convinced the DECT system is sending the IP address out to this China location, or if they know my landline number, is it possible they can pick up my IP address that way via the DECT system? There is something clearly not right here, all I was hoping for was a safe secure connection when moving to this new fibre 900 and it is far from safe 😞 Even seeing port scans in the logs at the same time as incoming calls, that cannot be right and should not be happening. It's as though someone else knows when an incoming call is being received so they can try to listen in, couple of times on outgoing call a scan has started too. Any help/advice would be appreciated please. Thank you

Message 25 of 27

Re: Being attacked constantly since upgrading to the new 900 fibre service and using the DECT phones

Hi @Anonymous

The only help/advice anyone here can give you is, as has already been said, not to worry about this.

You say that you got a "brand new IP address" this morning.  That IP address may be new to you, but its existence is already known to anyone in the world who is interested.  It has the form a.b.c.d, where each of the a/b/c/d is a number between 0 and 255 - allowing for some reserved combinations, that means there are roughly 3.7 billion options.

We can do some simple hacker maths.  If I have a computer that can send messages to 100 IP addresses per second (that's slow for a PC), then that one computer can scan 360,000 addresses per hour, or 8,640,000 addresses per day.  At that rate, with only one computer it would take ~428 days to scan every possible IP(v4) address.

But hackers don't limit themselves to one computer - they use botnets, massive networks of compromised computers.  By the same maths as above, a botnet of ~428 computers can scan all IP addresses every day.  Scale that up to 10,000 or 20,000 and you can scan all IP addresses every hour.

The above is true whether your interface has a shiny new IP address that has never been used anywhere before (extremely unlikely), or one that's been recycled from another user.

This is the reason we use firewalls.  They recognise these probes from hackers, log a message to note that they've happened, and then ignore them - as we all do, and as you should too.

I personally have over 35 years' experience in networks and computing; there are others on here who will have similar or more experience. We've seen this happen for decades, and it's not going away any time soon. Your firewall is doing its job - the log messages you're seeing should be a reassurance to you, not a source for concern.

 

Anonymous
Message 26 of 27

Re: Being attacked constantly since upgrading to the new 900 fibre service and using the DECT phones

If that's the case then why is it always the same Chinese company/IP that attacks me first, if there are loads of bots on the internet ready to port scan, then surely percentage wise, I'd expect to see another coming in first, but this is never the case.
It just so happens entering this company's name into Google and asking if it is linked to BT too, shows China Mobile International has partnered with BT to launch CMLink in the UK a few years ago. What a surprise, exactly what I had expected.

China Mobile is the damn thing that attacks any new IP address given to me first, before the rest decide to join in. As for these port scans happening at the same time I make a phone call or someone rings in to me, that should definitely NOT be happening. I'm going to report this elsewhere, out of loads of IP addresses I must have received over the years, the router logs have never ever shown DOS attacks until recently. The Firewall is doing its job with regards to my computer, main concern is the actual phone line and if it has been compromised. Too many odd things are happening with calls.

Message 27 of 27

Re: Being attacked constantly since upgrading to the new 900 fibre service and using the DECT phones

@Anonymous you asked "How on earth can someone get a new IP address when my computer is not even turned on." - the IP address is given to the Internet-facing connection of the router, not to your computer. Your computer under normal circumstances will be given an IP address beginning 192.168.1 assigned to the interface on your internal network, so normally Ethernet or WiFi; the router's interface to your internal equipment will be 192.168.1.254. There is often the assumption that with TCP/IP an IP address is given to a computer when it is actually to an interface on that computer (though most home PCs only have one interface to consider); other networks would assign a network number to a computer (DECnet was an example).

A router is just a dedicated computer with multiple interfaces, whether they are Ethernet, xDSL, x21, rs232
