Protecting Your Videoconferencing System From Spammers

In general, videoconferencing systems are hardy little boxes that do their job of placing and receiving video calls – day in and day out. However, like the carpenter whose only tool is a hammer and sees everything as a nail, these systems tend to see any communications on a port used for videoconferencing as an inbound call. Most video systems, when probed on the ports used for video calling, interpret the connection as an inbound call, make their ringing noises to alert the users, and if the system is set to auto answer, will try to pick up the call.

Hey, what do you expect? They are videoconferencing systems and video calls are their entire reasons for existing!

So why aren’t these systems any smarter? Well, that’s because IP-based videoconferencing was designed back in a time when you could put a video system on the open internet and it would not be constantly attacked by script kiddies, scanned by foreign governments, or randomly probed by so-called security experts looking to make a name for themselves. As a result, the common videoconferencing protocols (H.323 and SIP) aren’t designed to verify that communications coming in on a videoconferencing port is a videocall before trying to answer the call. They just answer the call and assume that it’s another video system.

It’s like when you hear the phone ring and answer it, only to hear the high speed screaming of a fax machine.  You didn’t know that it wasn’t someone you could talk with, you just heard the ring and answered it. Ok, I know it is a rare occurrence today and an old reference, but you get the point.

The problem is that any system that is exposed to the open internet is going to get probed on lots and lots of ports, hundreds of times an hour. And even if a videoconferencing system is behind a firewall, the ports used for videoconferencing are sometimes “forwarded” to the internal network so that video calls can be received from anyone on the Internet. Getting one “phantom call” a week or even every day, is not a big deal. However, what happens when you start to get five a minute? Well, it gets annoying very quickly – especially if you are already in a call and keep get interrupted by a message, “Do you want to answer the call from 1000@acme.com?”

The problem has gotten seriously out of hand. Several of my clients are getting 5-10 phantom calls a minute. We often have to take the systems off network in order to make configuration changes to prevent the inbound calls, because our attempt to change the configuration is interrupted by more calls!!

How Can You Protect Yourself From Spammers?

There are a couple of things that you can do to prevent phantom calls from bothering your videoconferencing system.

1. Turn off the SIP protocol. This will take care of 90% of the issues. This is fine if you don’t need SIP for IP based communications and most systems using SIP will register with other services/servers.
2. Put your system behind a firewall and block every internet address from reaching your system by default. Then allow only the addresses of “friendly” videoconferencing systems to be able to call your system.  Alternatively, you can set your firewall to allow everyone by default but block a list of “bad addresses” that are known to be used by hackers. (The FBI Infragard is a good source for lists of “bad guys.”)
3. Put your system behind a firewall and use a firewall transversal device, which is a special set of servers that tunnels your video calls through the firewall so that you don’t have to open ports.
4. Register your system with a gatekeeper or SIP registrar, which is a device that acts as a call manager for your system and can block those calls before they get to your system.
5. Register your system with a cloud service. (Bluejeans, Cisco WebEx Telepresence, Lifesize, etc.) This will act as a call manager and add other functionality to your system.

New Tools

Fortunately, the videoconferencing industry has recognized this problem, and we are starting to see manufacturers build some “anti-spam” features into their videoconferencing endpoints. For example, Lifesize has recently released a version of the software for the Icon line of videoconferencing systems that will allow you to whitelist (who can call you) and blacklist (who can’t call you) systems based on IP address and domain name (see screenshot  below). It also prevents certain applications using SIP.

This doesn’t prevent the cause of the problem (unknown programs or individuals probing your system), but does prevent the symptoms (ringing of the videoconferencing system). Over the next year, I suspect that we’ll see more manufacturers incorporate this type of feature into their systems. I also suspect that this will be one more reason that we’ll see more users switching to cloud-based services, and registering their units to those services. Already, some cloud providers are using this in their sales pitch.

A quick word on ports: A port is simply a number that represents a type of protocol that is used on the internet. For example, port 80 is used for web pages, port 25 is used for sending emails. Use of ports is what allows you to have one device (your laptop or smartphone for example), that can be simultaneously using the Internet for many different applications (web, email, file sharing, etc.). Ports are what help separate and deliver the data coming in over the internet to the appropriate application. There are no laws governing what ports an application uses, but in order for everyone on the Internet to play nicely, people creating internet applications and hardware will stick to using the well known ports. H323 videoconferencing uses a number of well known ports, mainly 1720. SIP videoconferencing also uses a number of ports, mainly 5060 and/or 5061.

What are your thoughts? Have you had problems with spam calls? Ever caught someone dialed into your system that you didn’t know? What more should people be thinking about when it comes to a smooth videoconferencing experience? Let me know your experience and opinions by commenting below or contacting me via email at jscottchristianson@mac.com or on twitter at @JScottMO