
System details-

RP Group 500

firmware- 6.1.0-310348

 

User is getting strange spam calls that appear to originate from itself in the CDRs-

IP address of unit is- 10.89.7.2 with a 1:1 public IP

 

Incoming spam calls occurring every few minutes-

2240@10.89.7.2 100000@10.89.7.2 1230@10.89.7.2 2240@10.89.7.2 1230@10.89.7.2 2250@10.89.7.2 1230@10.89.7.2 2250@10.89.7.2 100000@10.89.7.2 1230@10.89.7.2 2250@10.89.7.2 2250@10.89.7.2 2260@10.89.7.2 1240@10.89.7.2 100000@10.89.7.2 2260@10.89.7.2 1240@10.89.7.2

 

 

And so on constantly. 

Unit is not registered to any gatekeeper/registrar but service has firewall rules to block all traffic except for three IPs that they use for VMRs. Can anyone advise why and how these calls are still coming through and why the CDRs are giving these strange originating addresses?

 

I've already read previous statements from Polycom on this and this user is not going to invest in an rpad for a single unit at this site or any sort of vbp but why wouldn't the firewall stop these rules with a total blacklist on traffic except for several specific IPs for a bridge?

 


I know this is a tired issue but I feel this traffic is behaving strangely. We've got a Cisco 3925 router with a deny all traffic to endpoint along with a whitelist for several specific IPs. Can anyone tell me how this traffic is managing to get through and why it shows up with the endpoint's own IP?


Polycom staff ignoring this?

This was released 2 years ago with limited information and I notice Polycom hasn't released anything relating to SIP traffic though I highly doubt this is anything rare.

http://supportdocs.polycom.com/PolycomService/support/global/documents/support/documentation/H_3_2_3...

 

Regardless of the message, why are the CDRs on the unit giving an originating IP as its own IP? Is this a bug? Can someone please answer this?


Hello Steve,

welcome back to the Polycom Community.

Nobody is ignoring you but we are all volunteers and do this in our spare time. In addition there are certain rules that need to be followed:

 

Apr 07,2015 Question: How can I prevent Phantom calls to my Video Solution?

Answer: A local Firewall or a Polycom Firewall traversal solution can be utilized to stop this. In order to add this to a possible future Software version in the form of a whitelist please contact Luriep => here <= or Security Center: Security Bulletin Relating to Worldwide Botnet Dialing H.323-Capable Systems

 

and

 

  • Mar 8, 2012 Question: What kind of support should I expect from the Community?
    Clarification: Please check => here <=

Please work with your Polycom reseller on this. We need a business case for this.

 

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP, Video Endpoint, UC Platform (Microsoft), PSTN

Since your traffic is coming thru a Cisco 3925, have you posted this question on a Cisco Support Forum or contacted Cisco directly for support in configuring it?

 

It could be the 3925 is receiving the SIP INVITE with no domain and inserting the destination IP as the embedded domain.  If so, maybe it can be configured to reject the INVITE.

 

A packet capture of the traffic in to/out of the 3925 might help.
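
One way to triage the packet capture suggested in the reply above, as an added example (not code from the thread, Polycom or Cisco): for each INVITE it reports whether the packet's source IP is outside the allowlist (so the ACL is not being applied on that path) and whether the caller-supplied From header already names the endpoint's own IP. The allowlist addresses and the capture records are constructed placeholders, and the idea that the CDR's originating address reflects the From header is an assumption to check against the capture.

```python
import re

ENDPOINT_IP = "10.89.7.2"  # unit address quoted in the thread
# Placeholder addresses standing in for the three permitted VMR bridge IPs.
ALLOWED_SOURCES = {"198.51.100.10", "198.51.100.11", "198.51.100.12"}

# Constructed sample: (packet source IP, raw SIP message) pairs from a capture.
CAPTURE = [
    ("203.0.113.50", "INVITE sip:2240@10.89.7.2 SIP/2.0\r\n"
                     "From: <sip:2240@10.89.7.2>;tag=a1\r\n"
                     "To: <sip:2240@10.89.7.2>\r\n\r\n"),
    ("198.51.100.10", "INVITE sip:room@10.89.7.2 SIP/2.0\r\n"
                      "From: \"Bridge\" <sip:vmr@vmr.example.net>;tag=b2\r\n"
                      "To: <sip:room@10.89.7.2>\r\n\r\n"),
    ("203.0.113.50", "OPTIONS sip:100@10.89.7.2 SIP/2.0\r\n"
                     "From: <sip:100@10.89.7.2>;tag=c3\r\n\r\n"),
]

URI_HOST = re.compile(r"sips?:(?:[^@>;\s]*@)?([^:;>\s]+)", re.I)
FROM_HDR = re.compile(r"^(?:From|f)[ \t]*:(.*)$", re.I | re.M)  # "f" is the compact form

def uri_host(value):
    match = URI_HOST.search(value)
    return match.group(1).lower() if match else None

def parse_invite(raw):
    """Return Request-URI and From hosts for an INVITE, None for other methods."""
    head = raw.split("\r\n\r\n", 1)[0]  # header section only, ignore any body
    method, _, target = head.split("\r\n", 1)[0].partition(" ")
    if method != "INVITE":
        return None
    sender = FROM_HDR.search(head)
    return {"ruri_host": uri_host(target),
            "from_host": uri_host(sender.group(1) if sender else "")}

def triage(capture, endpoint_ip=ENDPOINT_IP, allowed=ALLOWED_SOURCES):
    """List each INVITE with flags for ACL bypass and a self-referencing From."""
    findings = []
    for src, raw in capture:
        invite = parse_invite(raw)
        if invite is None:
            continue
        flags = []
        if src not in allowed:
            flags.append("source-not-allowlisted")
        if invite["from_host"] == endpoint_ip:
            flags.append("from-host-is-endpoint")
        findings.append((src, invite["ruri_host"], invite["from_host"], flags))
    return findings
```

A row flagged `source-not-allowlisted` on a capture taken behind the router points at the ACL (wrong interface, direction or translated address), while `from-host-is-endpoint` on the outside capture shows the address was set by the sender rather than added by the router or the unit.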
