
Group 500 probably infected

Occasional Visitor



One of our RealPresence Group 500 units was in the DMZ for some unknown reason for a long time with telnet enabled. After it was moved behind the firewall, we found that it has abnormal activity on the LAN. It tries to connect to random external IPs on port 5555 over 100 times per second.

Is there any way to kill malware process without hard reset?



Message 1 of 3
Polycom Employee & Community Manager

Re: Group 500 probably infected

Hello @Aleksei,

welcome to the Polycom Community.

The first thing you should do is factory restore the unit itself and then monitor it.


If someone had access to it for an unknown duration there may still be some backdoor.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

Message 2 of 3
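One way to do the monitoring suggested above, as an added example that is not part of the original posts: it scans flow records for a source that reaches the rate reported in the thread (over 100 attempts per second on one port) against many distinct external addresses. The record format, the addresses, the internal ranges and the `min_distinct` threshold are assumptions.

```python
import ipaddress
from collections import defaultdict
# Assumed internal ranges; everything else is treated as external.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_external(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    return not any(addr in net for net in INTERNAL_NETS)

def find_scanning_hosts(lines, min_rate=100, min_distinct=50):
    """Map (src, dst_port) -> (peak attempts in one second, distinct external
    destinations) for sources that reach both thresholds."""
    per_second = defaultdict(int)  # (src, port, second) -> attempts
    dests = defaultdict(set)       # (src, port) -> external destinations seen
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue               # skip malformed records
        ts, src, dst, port = parts
        try:
            if not is_external(dst):
                continue           # LAN-to-LAN traffic is out of scope here
            key = (src, int(port))
            per_second[key + (int(ts),)] += 1
        except ValueError:
            continue
        dests[key].add(dst)
    flagged = {}
    for (src, port, _second), count in per_second.items():
        distinct = len(dests[(src, port)])
        if count >= min_rate and distinct >= min_distinct:
            peak = max(count, flagged.get((src, port), (0, 0))[0])
            flagged[(src, port)] = (peak, distinct)
    return flagged

# Constructed sample records: "<epoch_second> <src_ip> <dst_ip> <dst_port>".
SAMPLE = (
    # Endpoint: 120 attempts in one second to distinct external IPs on 5555.
    [f"1700000000 10.0.0.50 198.51.100.{i} 5555" for i in range(1, 121)]
    # Workstation traffic to one external server, plus one malformed record.
    + ["1700000000 10.0.0.21 203.0.113.10 443"] * 5 + ["garbage line"]
    # Internal-only traffic on 5555 must not be flagged.
    + [f"1700000000 10.0.0.30 10.0.1.{i} 5555" for i in range(1, 151)]
)

if __name__ == "__main__":
    for (src, port), (peak, distinct) in find_scanning_hosts(SAMPLE).items():
        print(f"{src} -> port {port}: {peak}/s peak, {distinct} destinations")
```
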
Occasional Visitor

Re: Group 500 probably infected

Thank you, SteffenBaierUK! As expected, a soft reset didn't help, but a hard reset via the pinhole solved the problem.

Message 3 of 3