• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The Poly Phones Knowledge Base is live! We look forward to helping you with common issues and troubleshooting advice!

‎08-01-2025 03:47 PM

HP Recommended

We have noticed a strange/suspicious activity from a VVX 400 phone (on a public network) running latest firmwaver version 5.9.8.5760.

There are several  outbound international calls that seem to be initiated from the phone (with noone actually dialing/pressing any button or being even near the phone) going towards our SBC/PBX.

 

 

We do have in the config ghost call prevention parameters:

Spoiler
<voIpProt.SIP.requestValidation voIpProt.SIP.requestValidation.1.method="source" voIpProt.SIP.requestValidation.1.request="INVITE" />

Note  we haven't added the other parameter

voIpProt.SIP.strictUserValidation="1"

 

Thus we don't see incoming sipvicious calls on that phone (log show one of such inbound calls blocked with 400 Bad Request, as expected)

 

I've checked logs on our PBX (Broadsoft), calls are not initiated by some call forwarding or other features. Unfortunately   

it's the first time I've seen outbound INVITE with no clear reason to initiate.

 

Logs form the phone show

Spoiler
URL call. Dialed String (phone's WAN IP)
[CInvite]: szDest - sip:00...@WANIP
...

app1 |2|00|[AppCallC::Call] desType[1] Des=[sip:00...@WANIP] Display=[sip:00@WANIP], DialPlan=0, dialSource=12

I've also noticed REFER messages from public that seem to be applying forwarding

REFER sip:00..@WANIP or REFER sip:011...@WANIP

 

Do you have any suggestion how that outbound  URL call could have been initiated? Perhaps some other sipvicious tool?

And how could we prevent those calls?

 

Thank you!

 

Reply
4 REPLIES 4

‎08-01-2025 06:03 PM

HP Recommended

HI @Voiponaught2024 , Welcome to Poly HP Support Community.
 

It looks like this may need direct support from our technical team. I encourage you to contact HP Support, where our engineers can take a closer look and help sort it out. You’ll find the contact link below.
https://support.hp.com/us-en/poly
 

If you would like to thank us for our efforts to help you, go to the public post and give us a virtual high-five by clicking on "Yes" for the question "Was this reply helpful?" below my message, followed by clicking on the "Accept as solution" on my public post.

 

Regards,

Salman

Reply
Was this reply helpful? Yes No

‎08-04-2025 09:36 AM

HP Recommended

Thank you for quick response!

 

I will try to open the ticket, however if it's a known issue/vulnerability for VVX phones, community would benefit from knowing about it and a solution.

Reply
Was this reply helpful? Yes No

‎08-04-2025 10:22 AM

HP Recommended

Hello @Voiponaught2024 ,

 

Welcome back to the HP Poly community.

 

I doubt you will receive support on a VVX 400 as it is end of sales and end of support.

 

The VoIP FAQ has:

 

Oct 24 2014 Question: How can I prevent Ghost calls or tools like sipvicious or nuisance Cisco calls ringing my phone?

Resolution: Please check => here <= or Security Center: Security Bulletin Relating to Worldwide Botnet Dialing H.323-Capable Systems

 

Best Regards

 

Steffen Baier

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
Reply
Was this reply helpful? Yes No

‎08-04-2025 11:13 AM

HP Recommended

Hi, Steffen!

 

Thank you for response! I've read the article about inbound sipvicious/ghost calls (and we have one of the parameters that actually prevent inbound calls), the challenge/confusion is outbound calls somehow initiated by this phone (it's actually VVX401 which is newer, also another phone on similar public connection has experienced similar bahaviour at the same time). I'm wondering if you have experience anything like outbound ghost calls from a VVX (or a newer) phone?

 

The 2nd article is helpful for general knowledge, but seems to be about H323.

 

Reply
Was this reply helpful? Yes No
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.
Didn't find what you were looking for? Ask the community
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.