Reply
Highlighted
Occasional Visitor
Posts: 3
0
Accepted Solution

Login brute force attempts

Hi,

 

Everytime I log into my Polycom RealPresence Group 500, I have a nasty message saying something like:

Last successful login: Tuesday, June 09 2015 4:28 PM aa.bb.cc.98
Number of failed attempts: 11712

 

I placed the polycom behind a bridging firewall and blocked tcp ports 22, 80 and 443 but I'm still getting these messages.

 

What other ports should I block to avoid bad guys trying to log into my codec?

 

Thanks a lot,

Guillaume

Respected Contributor
Posts: 261
0

Re: Login brute force attempts

Try blocking 23 and 24 as a test.... 

 

With that kind of count, you should be able to put a sniffer in place and catch it quickly..

 

btw, what version of GS are you running ?

 

Gary M

Wanna' Test your H.323 System? (71.14.2.157 or 71.14.2.158)
cb157.miyakawa.us and cb158.miyakawa.us
www.miyakawa.us
www.codecsidekick.com
Occasional Visitor
Posts: 3
0

Re: Login brute force attempts

Thanks Gary, I'm using a RealPresence Group 500, Hardware version 10, System Software Release - 4.2.0-11309.

 

ok, I blocked ports 23 and 24, I even tried blocking all inbound traffic and logging all outside traffic and all I saw was NTP (udp/23) traffic coming from the codec.

 

I then reseted the failed attempts, blocked/logged all traffic for one minute, and the number of failed attempts was 12. I'm must admit that I'm thoroughly confused... Does the number of failed attempts since last login is the number of wrong passwords entered or something entirely else?

 

Thanks,

Guillaume

Occasional Visitor
Posts: 3
0

Re: Login brute force attempts

I finally found the solution! The login attemps were made through the serial port by an AMX processor that controls the camera.

 

That's why blocking IP connections didn't change anything.

 

I changed //Admin Setting/General Settings/Serial Ports/Serial Port Option/Login Mode to None and it solved the problem.