Update on SPIT Calls to Polycom Phones

Yesterday, we published a blog on SPIT calling to Polycom phones. This was an issue our customers experienced over the weekend and throughout Monday. It has been affecting Polycom users on the Internet at large. Today, we implemented a configuration change to our customers' Polycom phones to cut down on the SPIT calls, and we wanted to expand on that here. If you are still experiencing SPIT calls now, please reboot your phone or contact our Customer Success Team for help.

New Configuration Setting Delivered by Our Boot Server

This morning, we implemented a mechanism for Polycom phones registered with OnSIP to check against a whitelist of call origination IP addresses before accepting the call. The whitelist now exclusively contains our outbound proxy at sip.onsip.com, meaning that only calls routed via our service will be accepted by the phones. You will not miss calls meant for you. All calls to your phone number or SIP address are routed by OnSIP, per SIP standards and per our service to you.

This setting (Polycom's Incoming Signal Validation) is rolled out to your phones via our boot server. If you are still experiencing SPIT calls, you can grab this latest update by rebooting your phone. Please do not hesitate to contact our Customer Success Team if you have any questions.

What Happens Now When a SPIT Call Comes from the Internet, Directly to Your Phone

If a call is received by a Polycom phone from somewhere other than our systems, it will respond to the call with a 404 Bad Request. For those who are interested, here's a SIP trace showing what's happening now when an INVITE from an unknown entity is received by your phone:

INVITE sip:6000@ SIP/2.0
Via: SIP/2.0/UDP;branch=z9hG4bK-d8754z-b6105971d69bbd75-1---d8754z-
Max-Forwards: 70
From: ;tag=d8227379
Content-Type: application/sdp
Supported: replaces
User-Agent: Bria 4 4.1.1 74256-d98a3da0-M
Content-Length: 260

o=- 1438634252817379 1 IN IP4
s=Bria 4 release 4.1.1 stamp 74256
c=IN IP4
t=0 0
m=audio 56740 RTP/AVP 0 18 9 8 101
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=yes
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
SIP/2.0 400 Bad Request
Via: SIP/2.0/UDP;branch=z9hG4bK-d8754z-b6105971d69bbd75-1---d8754z-
From: ;tag=d8227379
To: ;tag=CE2381CD-5033CFE8
User-Agent: PolycomVVX-VVX_400-UA/
Accept-Language: en
Content-Length: 0

It's preferable that the phones respond with nothing to deny any potential bots' figuring out the phone exists, but this is not a setting we have found in Polycom phones. We are submitting this request to Polycom.

Ensuring Your VoIP Security

Again, we'd like to stress that it's important to follow the below security measures to avoid hackers from gathering your SIP credentials and making calls on your dime. That is their ultimate goal, and we are able to stop it with these measures:

  1. Around a year ago, we disabled the web interface for phones using our boot server. While we do give you the ability to re-enable the web interface for the phones, we strongly recommend that you keep the phone's web interface disabled.
  2. As always, we recommend that all OnSIP phones are on the OnSIP boot server and all phones are behind a NAT. To review the current registrations, click on a user's name in the Admin Portal; then click 'show details' next to the registration that shows in green in the lower left corner. If the phones are properly protected behind a NAT, it is much harder for fraudsters to reach the phone with these exploratory packets.

If you have any additional questions, please feel free to contact us.

Topics: Polycom, SMB Leadership, Business Technology, Office Management