There is no reason why short meeting codes + 2-3 sec delay before joining + temporarily banning users who enter more than 10 invalid meeting codes in a row can't work.
There are ways to improve the security without putting on the clients shoulders. A 6 digit room code is fine if a person can only "war dial" 10 tries before being banned for an hour or so.
There's a really good reason why that wouldn't work. There's no reason why a war dialer can't create millions of users. The 2-3 second delay doesn't really accomplish much unless you limit their capacity to have requests pending.
On a large enough level, this would have to be treated the same way as spam traffic currently is. You'd never ban anything smaller than a /64 with IPv6. Getting DOS from a /48 or /56? Ban them, or do exponential back-off for all IPs in the block. It's not that hard for a botnet to get a few hundred thousand IPv4 addresses either, but we haven't taken that as a reason to just roll over. The difference between each IP sending you 1 request / sec and 10000 requests / sec is still profound.
Right, because in one case you'll see thousands of different meeting connection requests for different meetings from one IP, and in the other you'll see thousands of different meeting connection requests for different meetings from one IP.
There is no reason why short meeting codes + 2-3 sec delay before joining + temporarily banning users who enter more than 10 invalid meeting codes in a row can't work.
There are ways to improve the security without putting on the clients shoulders. A 6 digit room code is fine if a person can only "war dial" 10 tries before being banned for an hour or so.