Group 500 probably infected

Occasional Visitor

Hi,

One of our RealPresence Group 500 units was in the DMZ for some unknown reason for a long time with telnet enabled. Now that it has been moved behind the firewall, we found that it has abnormal activity on the LAN. It tries to connect to random external IPs on port 5555 over 100 times per second.

Is there any way to kill the malware process without a hard reset?

Message 1 of 3
2 REPLIES
Polycom Employee & Community Manager

Re: Group 500 probably infected

Hello @Aleksei,

Welcome to the Polycom Community.

The first thing you should do is factory restore the unit itself and then monitor it.

If someone had access to it for an unknown duration there may still be some backdoor.


Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

Message 2 of 3
Occasional Visitor

Re: Group 500 probably infected

Thank you, SteffenBaierUK! As expected, a soft reset didn't help, but a hard reset via the pinhole solved the problem.

Message 3 of 3
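
The symptom reported in the first post (one internal endpoint opening connections to random external IPs on port 5555 more than 100 times per second) can be caught from firewall or flow logs with a sliding-window check. This is an added example, not part of the original thread; the log line format, the internal range, the addresses and the thresholds are constructed assumptions.

```python
import ipaddress
from collections import defaultdict, deque

# Assumption: the site's internal address space; adjust to your own ranges.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

def find_fanout(lines, window=1.0, min_rate=100, min_unique=50):
    """Flag internal hosts whose outbound connections to one destination port
    reach min_rate per `window` seconds across min_unique external addresses.
    Expects time-ordered lines: "<epoch_seconds> <src_ip> <dst_ip> <dst_port>".
    Returns {(src, dport): (peak_connections_per_window, unique_destinations)}."""
    recent = defaultdict(deque)   # timestamps still inside the sliding window
    peak = defaultdict(int)
    dsts = defaultdict(set)
    for line in lines:
        try:
            ts, src, dst, dport = line.split()
            ts, dport = float(ts), int(dport)
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue              # malformed record: skip rather than abort
        if src not in INTERNAL or dst in INTERNAL:
            continue              # only internal -> external traffic matters here
        key = (str(src), dport)
        q = recent[key]
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()           # drop connections older than the window
        peak[key] = max(peak[key], len(q))
        dsts[key].add(dst)
    return {k: (peak[k], len(dsts[k])) for k in peak
            if peak[k] >= min_rate and len(dsts[k]) >= min_unique}

def constructed_sample():
    """Constructed flow records: one noisy endpoint, one ordinary client."""
    rows = []
    for i in range(300):          # 150 connections/s for 2 s, all to port 5555
        net = "198.51.100" if i < 150 else "203.0.113"
        rows.append((1700000000 + i / 150, "10.0.5.20", f"{net}.{i % 150 + 1}", 5555))
    for i in range(5):            # ordinary HTTPS client
        rows.append((1700000000 + i * 0.4, "10.0.5.31", "198.51.100.10", 443))
    lines = [f"{ts:.3f} {s} {d} {p}" for ts, s, d, p in sorted(rows)]
    return lines + ["truncated record"]

if __name__ == "__main__":
    for (src, port), (rate, uniq) in find_fanout(constructed_sample()).items():
        print(f"{src} -> port {port}: peak {rate} conn/s, {uniq} external IPs")
```

Requiring both a high rate and many distinct destinations keeps a busy client talking to a single server from being flagged.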