
Polycom Group 700 trying to connect to Blacklist IP (198.23.200.241)

mie
Advisor


Hi Poly Team, we received an alert that detected that one of our Polycom devices (10.11.30.11) is trying to connect to 198.23.200.241, which is considered a blacklisted IP. This connection triggered one of the alarms.

Details as per below.

Case Details:

Alarm Name: COVID-19_Attack
Case ID: 8286
Alarm Date & Time (SL Time – GMT +5.5): 04/26/2021 8:38:41 pm
IP Address (Origin): 10.11.30.11
IP Address (Destination): 198.23.200.241
Port (origin): 22
Direction: Outbound
Event Count: 1

System software and serial no. details are as per the attachment.

Kindly advise us on what troubleshooting we need to do.

Thanks.

Message 1 of 7
mie
Advisor

Hi, can anyone answer this?

Message 2 of 7
SteffenBaierUK
Polycom Employee & Community Manager

Hello @mie,

Welcome back to the Poly Community.

I would suggest you update to a currently supported version like 6.2.2.6.

If you still see the issue, work with your Poly reseller to get this into support.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. My official "day" Job is 3rd Level support at Poly but I am unable to provide official support via the community.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 3 of 7
mie
Advisor

Hi Steffen,

Thanks for your reply.

Before we proceed with the upgrade, there are some questions raised about this by the end user.

They need to understand in detail why the system has been talking to blacklisted IPs, especially the cyber-criminal activities.

  1. Which process and executable has initiated the connection?
  2. Is this process and the executable legitimate?
  3. What is the need to communicate with the blacklisted IPs?
  4. Is this a legacy system? Can we limit access to this system only to specific allowed IPs on the Internet?

Appreciate it if you can revert on this.

Thanks.

Message 4 of 7
mie
Advisor

Herewith, I've attached the log file for your reference.

SteffenBaierUK
Polycom Employee & Community Manager

Hello @mie,

I am just a volunteer in this community like everybody else. If you want an official answer, this needs to come into support so our security team can look at this.


Best Regards

Steffen Baier

Message 6 of 7
mie
Advisor

Hi Steffen,

Thanks, noted that.

Message 7 of 7