Plantronics + Polycom. Now together as Poly Logo

UC 5.x software scanning IP's

Frequent Advisor

UC 5.x software scanning IP's

Hi,

 

We're seeing UC 5.4.x software scanning on many VVX phones scanning for connections on a 192.168.1/24 network all the time which is triggering an alert on our firewall. Our phones are all operating normally on our 10.1/16 IP subnet so not connected in any way to a 192.168.1/24 and no configuration obvious to tell us why these are scanning but it's happening all the time. Here's a snippet off our firewall showing a phone scanning several IP's. This is just a chunk, it scans the entire /24 address looking for a connection on port 8162...

 

Any thoughts?

 

Matt

 

Default DROP UDP   10.1.10.140 : 52826 → 192.168.1.10 : 8612 len=44 ttl=127 tos=0x00
Default DROP UDP   10.1.10.140 : 52826 → 192.168.1.11 : 8612 len=44 ttl=127 tos=0x00
Default DROP UDP   10.1.10.140 : 52826 → 192.168.1.12 : 8612 len=44 ttl=127 tos=0x00
Default DROP UDP   10.1.10.140 : 52826 → 192.168.1.13 : 8612 len=44 ttl=127 tos=0x00
Default DROP UDP   10.1.10.140 : 52826 → 192.168.1.14 : 8612 len=44 ttl=127 tos=0x00
Default DROP UDP   10.1.10.140 : 52826 → 192.168.1.15 : 8612 len=44 ttl=127 tos=0x00
Default DROP UDP   10.1.10.140 : 52826 → 192.168.1.16 : 8612 len=44 ttl=127 tos=0x00
Default DROP UDP   10.1.10.140 : 52826 → 192.168.1.17 : 8612 len=44 ttl=127 tos=0x00
Default DROP UDP   10.1.10.140 : 52826 → 192.168.1.18 : 8612 len=44 ttl=127 tos=0x00
Default DROP UDP   10.1.10.140 : 52826 → 192.168.1.19 : 8612 len=44 ttl=127 tos=0x00
Default DROP UDP   10.1.10.140 : 52826 → 192.168.1.20 : 8612 len=44 ttl=127 tos=0x00
Default DROP UDP   10.1.10.140 : 52826 → 192.168.1.21 : 8612 len=44 ttl=127 tos=0x00
Default DROP UDP   10.1.10.140 : 52826 → 192.168.1.22 : 8612 len=44 ttl=127 tos=0x00

 

Message 1 of 13
12 REPLIES 12
Polycom Employee & Community Manager

Re: UC 5.x software scanning IP's

Hello Matt,,

any specific settings on the phone i.e. does a factory defaulted phone also do this ?

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 2 of 13
Frequent Advisor

Re: UC 5.x software scanning IP's

Hi Steffen,

 

I just reconfigured a phone (factory reset) to check and it still does it. We've never had a 192.168.1/24 network defined here so this is obviously coded into the defaults of the phone or FW itself.

 

Thanks,

 

Matt

Message 3 of 13
Frequent Advisor

Re: UC 5.x software scanning IP's

Also just exported config (all except device) + device config and scanned both. No reference to 192.168.1 anywhere.

 

What's somewhat mystifying is why a phone would hunt through an entire /24 to find a device with port 8162 open? That stinks of something nasty in the coding if you ask me.

 

Regards,

 

Matt

Message 4 of 13
Polycom Employee & Community Manager

Re: UC 5.x software scanning IP's

Hello Matt,

 

what kind of config do you use?

 

Best Regards

 

Steffen Baier

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 5 of 13
Frequent Advisor

Re: UC 5.x software scanning IP's

Skype for Business profile. Just configured directly on the web gui. Nothing special at all, just sign-in data, default transfer to consultive and region codes + daylight saving. Nothing else, not even enough to bother with a config file.

 

Thanks,

 

Matt

Message 6 of 13
Polycom Employee & Community Manager

Re: UC 5.x software scanning IP's

Hello Matt,

No BToE or anything ?

 

What phone model and what software version?

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 7 of 13
Frequent Advisor

Re: UC 5.x software scanning IP's

Hi Steffen,

 

We're seeing this on all versions of 5.4.x and 5.5.0 (which I'm testing with many problems on SfB) on VVX410 and VVX500 phones. All do exactly the same so I think it's core to the FW.

 

Yes, we are using BToE which is enabled by default - I don't need to configure that. BToE is coupled via daisy-chain LAN cable to desktop PC/docked laptops.

 

Matt

Message 8 of 13
Polycom Employee & Community Manager

Re: UC 5.x software scanning IP's

Hello Matt,

 

quick test using 5.4.4 and I am unable to reproduce this.

 

Next Action: Contact Polycom support


In order to raise a support ticket you need to work with your Polycom reseller as they need to do this for you. In case this is some sort of an Internet discounter please post your phone's MAC address so I can look up who would be able to support you.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 9 of 13
Frequent Advisor

Re: UC 5.x software scanning IP's

Hi Steffen,

 

Are you running a 192.168.1/16 network on your test environment? If so you're probably not going to see it. You need to be out of that subnet and then watch traffic on your default gateway. It's easy for me to watch, I have hundreds of phones all doing it. The duration between scans ranges from a few minutes to several hours between repeat but obviously with many phones, I'm seeing a constant stream of scans.

 

I'm about to test 5.4.5 but I'm not holding out any hope that this has changed. It's in all 5.4* and 5.5 FW so it's definitely core to v.5

 

I've raised a ticket. I have many phones in warranty so raised it as a device failure, RMA required. Hopefully they pick up and start looking soon.

 

Matt

Message 10 of 13