
Group 500 probably infected

Occasional Visitor


Hi,

One of our RealPresence Group 500 units was in the DMZ for some unknown reason for a long time with telnet enabled. As it has been moved behind the firewall, we found that it has abnormal activity on the LAN. It tries to connect to random external IPs on port 5555 over 100 times per second.

Is there any way to kill the malware process without a hard reset?

Message 1 of 3
Polycom Employee & Community Manager

Re: Group 500 probably infected

Hello @Aleksei,

welcome to the Polycom Community.

The first thing you should do is factory restore the unit itself and then monitor it.

If someone had access to it for an unknown duration there may still be some backdoor.


Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Message 2 of 3
Occasional Visitor

Re: Group 500 probably infected

Thank you, SteffenBaierUK! As expected, a soft reset didn't help, but a hard reset via the pinhole solved the problem.

Message 3 of 3
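
Added example, not part of the original thread and not Poly tooling: one way to do the monitoring suggested in the reply, by flagging an internal host that makes more than 100 outbound attempts per second to many different external IPs on one port, as described in the first post. The record format (`epoch src dst dport`), the addresses, the internal ranges and the thresholds are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the site's internal address space; adjust to the real LAN.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)   # raises ValueError on a bad address
    return any(ip in net for net in INTERNAL)

def find_fanout(lines, min_rate=100, min_distinct=50):
    """Return {(src, dport): (peak attempts in one second, distinct external dsts)}
    for internal hosts whose outbound attempts exceed both thresholds."""
    per_second = defaultdict(int)   # (src, dport, second) -> attempts
    dests = defaultdict(set)        # (src, dport) -> external destinations
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue                # skip malformed records
        ts, src, dst, dport = parts
        try:
            second, port = int(float(ts)), int(dport)
            if not is_internal(src) or is_internal(dst):
                continue            # only internal -> external traffic counts
        except ValueError:
            continue
        per_second[(src, port, second)] += 1
        dests[(src, port)].add(dst)
    peaks = defaultdict(int)
    for (src, port, _), n in per_second.items():
        peaks[(src, port)] = max(peaks[(src, port)], n)
    return {k: (peak, len(dests[k])) for k, peak in peaks.items()
            if peak > min_rate and len(dests[k]) >= min_distinct}

def sample_log():
    """Constructed records: 10.0.0.50 plays the endpoint, 10.0.0.7 a normal client."""
    rows = []
    for i in range(150):   # 150 attempts inside one second, 150 distinct targets
        dst = f"198.51.100.{i + 1}" if i < 100 else f"203.0.113.{i - 99}"
        rows.append(f"{1700000000 + i / 200:.3f} 10.0.0.50 {dst} 5555")
    for i in range(20):    # ordinary traffic: one HTTPS destination, one per second
        rows.append(f"{1700000000 + i}.000 10.0.0.7 203.0.113.10 443")
    rows.append("garbage line")
    return rows

if __name__ == "__main__":
    for (src, port), (peak, distinct) in find_fanout(sample_log()).items():
        print(f"{src} -> port {port}: peak {peak}/s, {distinct} distinct external IPs")
```

Running the same check on records collected after the reset confirms whether the fan-out has stopped.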