VMR PIN brute force attack resistance

Common attacks on videoconferencing systems include rogue calls — such as Spam Over Internet Telephony (SPIT) or toll fraud call attempts — that are targeted at an organizations SIP (or, more rarely, H.323) infrastructure.

To mitigate such attacks, the Pexip Service platform has an attack prevention layer built in to the call control platform. In addition to this Pexip also provides PIN brute force resistance and on all VMRs.

The current blocking policies on PIN attacks are as follows:

  • 5 is the maximum attempts for web/desktop app users
  • 3 is the maximum attempts for SIP/H.323/Skype connections

If more than 20 incorrect PIN entry attempts are made against that VMR in a 10 minute window this will block the VMR. While blocked, it will appear to any callers as though the VMR/alias does not exist any longer and calls to this VMR will fail.