Avaya Bulletin 161 Can't Connect to IP Office Manager after applying! 2

[Malcz86]

Hello,

Our IP Office Manager system got hacked a few weeks ago, numerous calls made to overseas numbers. We found "IP Office Technical Bulletin 161" which we suspect might have been what happened.

Went through the file and applied the changes, sent the config, system rebooted all phones worked, no problems, but now we can not connect to the IP Office Manager. When we click to Open a configuration the correct system is shown, we select open, enter the password then get a "Network error - failed to communicate with IP Office". Have tried the Administrator login, a custom login used for updating the system and the security login all the same.

We reset all the passwords whilst following the bulletin, but is it even getting to authenticate?

Any ideas would be appreciated.

Is it possible to restore a backup config file through the serial port on the IP office? or is there a easier solution.

 

[sizbut]

So its secure now - that's the point!

Kidding. Haven't read the bulletin in full but know suspect that you need to look in Manager at File | Preferences | Security and set Manager to also use secure comms and certificate checking.

Meanwhile, does access to the security settings still work using the security administrator account.

You can't do the config via DTE but you can default all the security settings without altering the config.

Stuck in a never ending cycle of file copying.

 

[Gunnaro]

You probably blocked off these ports (And it's a good thing you did that):

50802 TCP - Discovery
50804 TCP - IP Office configuration settings access.
50812 TCP - security settings access.

If you used the built-in IPO firewall, you can't connect through WAN port any more.
And if you need to use that kind of access in the future, you need to add some custom rules to the firewall profile.

Name: Discovery
<Your remote IP addr + Mask>
<Your IPO IP addr + Mask>
IP Protocol: 6
Match Offset: 22
Match Length: 2
Direction: In
Match Data: C672
Match Mask: FFFF

Name: Manager
<Your remote IP addr + Mask>
<Your IPO IP addr + Mask>
IP Protocol: 6
Match Offset: 22
Match Length: 2
Direction: In
Match Data: C674
Match Mask: FFFF

Name: Security (if you don't have to, leave it out)
<Your remote IP addr + Mask>
<Your IPO IP addr + Mask>
IP Protocol: 6
Match Offset: 22
Match Length: 2
Direction: In
Match Data: C67C
Match Mask: FFFF

Kind regards

Gunnar
__________________________________________________________________
Hippos have bad eyesight, but considering their weight, it’s hardly their problem

 

[Malcz86]

I've tried setting the secure connection but has made no difference.

The firewall execeptions sound likely but how do I add firewall exceptions if I can't get into the manager?

Can not access the security login either.

 

[Gunnaro]

The IPO Firewall is only on the LAN2 (WAN) port, so you should be able to connect without problems on LAN.

If you are on the LAN side, that error message could indicate that here is an IP conflict in your network, or that your computer firewall is blocking.

Kind regards

Gunnar
__________________________________________________________________
Hippos have bad eyesight, but considering their weight, it’s hardly their problem