Yesterday, we published a blog post on SPIT (spam over Internet telephony) calls to Polycom phones. This was an issue our customers experienced over the weekend and throughout Monday. It has been affecting Polycom users on the Internet at large. Today, we implemented a configuration change to our customers' Polycom phones to cut down on the SPIT calls, and we wanted to expand on that here. If you are still experiencing SPIT calls now, please reboot your phone or contact our Customer Success Team for help.
New Configuration Setting Delivered by Our Boot Server
This morning, we implemented a mechanism for Polycom phones registered with OnSIP to check against a whitelist of call origination IP addresses before accepting the call. The whitelist now exclusively contains our outbound proxy at sip.onsip.com, meaning that only calls routed via our service will be accepted by the phones. You will not miss calls meant for you. All calls to your phone number or SIP address are routed by OnSIP, per SIP standards and per our service to you.
This setting (Polycom's Incoming Signal Validation) is rolled out to your phones via our boot server. If you are still experiencing SPIT calls, you can grab this latest update by rebooting your phone. Please do not hesitate to contact our Customer Success Team if you have any questions.
What Happens Now When a SPIT Call Comes from the Internet, Directly to Your Phone
If a Polycom phone receives a call from somewhere other than our systems, the phone will respond to the call with a 400 Bad Request. For those who are interested, here's a SIP trace showing what happens now when your phone receives an INVITE from an unknown entity:
    INVITE sip:firstname.lastname@example.org:6050 SIP/2.0
    Via: SIP/2.0/UDP 192.168.0.54:48808;branch=z9hG4bK-d8754z-b6105971d69bbd75-1---d8754z-
    Max-Forwards: 70
    Contact:
    To:
    From: ;tag=d8227379
    Call-ID: NWExNDE1NTExNGI1YTFmMTEzNzczNTc0YjgxMzAwZTI
    CSeq: 1 INVITE
    Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO
    Content-Type: application/sdp
    Supported: replaces
    User-Agent: Bria 4 4.1.1 74256-d98a3da0-M
    Content-Length: 260

    v=0
    o=- 1438634252817379 1 IN IP4 192.168.0.54
    s=Bria 4 release 4.1.1 stamp 74256
    c=IN IP4 192.168.0.54
    t=0 0
    m=audio 56740 RTP/AVP 0 18 9 8 101
    a=rtpmap:18 G729/8000
    a=fmtp:18 annexb=yes
    a=rtpmap:101 telephone-event/8000
    a=fmtp:101 0-15
    a=sendrecv

    SIP/2.0 400 Bad Request
    Via: SIP/2.0/UDP 192.168.0.54:48808;branch=z9hG4bK-d8754z-b6105971d69bbd75-1---d8754z-
    From: ;tag=d8227379
    To: ;tag=CE2381CD-5033CFE8
    CSeq: 1 INVITE
    Call-ID: NWExNDE1NTExNGI1YTFmMTEzNzczNTc0YjgxMzAwZTI
    User-Agent: PolycomVVX-VVX_400-UA/126.96.36.19941
    Accept-Language: en
    Content-Length: 0
It would be preferable for the phones to send no response at all, so that bots cannot tell that a phone exists at that address, but we have not found a setting for this in Polycom phones. We are submitting this request to Polycom.
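The source check and the rejection seen in the trace above can be modelled as follows. This is an added example, not OnSIP's or Polycom's code: the allowlisted address is a constructed placeholder, the function names are hypothetical, and it assumes only INVITE requests are validated. It shows why the decision has to rest on the packet's source address, since every SIP header, Via included, is written by the sender.

```python
import ipaddress

# Constructed placeholder for the outbound proxy's address (assumption).
ALLOWED_SOURCES = [ipaddress.ip_network("198.51.100.10/32")]
# Headers a server copies from request to response (RFC 3261, 8.2.6.2).
ECHOED = ("via", "from", "to", "call-id", "cseq")

def parse_request(raw: str):
    """Split a SIP request into (method, [(header name, value), ...])."""
    head = raw.split("\r\n\r\n", 1)[0]
    start_line, *header_lines = head.split("\r\n")
    headers = []
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return start_line.split(" ", 1)[0], headers

def source_allowed(src_ip: str) -> bool:
    """Decide on the packet's source address, never on SIP header contents."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in ALLOWED_SOURCES)

def handle_request(raw: str, src_ip: str, local_tag: str = "constructed-tag"):
    """Return None when the request may proceed, else a 400 response string."""
    method, headers = parse_request(raw)
    if method != "INVITE" or source_allowed(src_ip):
        return None  # assumption: only INVITEs are subject to the check
    lines = ["SIP/2.0 400 Bad Request"]
    for name, value in headers:
        if name.lower() in ECHOED:
            if name.lower() == "to" and "tag=" not in value:
                value += ";tag=" + local_tag  # the responder adds its own To tag
            lines.append(f"{name}: {value}")
    lines.append("Content-Length: 0")
    return "\r\n".join(lines) + "\r\n\r\n"

# Constructed INVITE: its Via header claims the proxy's address, although the
# packet itself arrives from an unrelated host.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:user@example.org:6050 SIP/2.0",
    "Via: SIP/2.0/UDP 198.51.100.10:5060;branch=z9hG4bK-constructed",
    "From: <sip:caller@example.net>;tag=d8227379",
    "To: <sip:user@example.org>",
    "Call-ID: constructed-call-id",
    "CSeq: 1 INVITE",
    "", "",
])
```

Calling `handle_request(SAMPLE_INVITE, "203.0.113.77")` returns the 400 response despite the Via header naming the allowlisted address, while the same message arriving from `198.51.100.10` is passed on.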
Ensuring Your VoIP Security
Again, we'd like to stress that it's important to follow the security measures below to prevent hackers from gathering your SIP credentials and making calls on your dime. That is their ultimate goal, and we are able to stop it with these measures:
- Around a year ago, we disabled the web interface for phones using our boot server. While we do give you the ability to re-enable the web interface for the phones, we strongly recommend that you keep the phone's web interface disabled.
- As always, we recommend that all OnSIP phones are on the OnSIP boot server and all phones are behind a NAT. To review the current registrations, click on a user's name in the Admin Portal; then click 'show details' next to the registration that shows in green in the lower left corner. If the phones are properly protected behind a NAT, it is much harder for fraudsters to reach the phone with these exploratory packets.
If you have any additional questions, please feel free to contact us.