ShoreTel VPN Concentrator NTP Vulnerability

The ShoreTel VPN Concentrator responds to NTP requests (for remote IP phones), which makes it vulnerable to the NTP DDoS attacks that have been happening lately. To enable the WAN firewall on the ShoreTel VPN Concentrator (off by default), you must access a hidden menu.

  1. Log into your VPN concentrator, and click “Network” on the left-hand side
  2. Access the hidden firewall menu by changing page=3 to page=5 in the URL
    1. From: http://192.168.200.100/cgi-bin/config?page=3
    2. To: http://192.168.200.100/cgi-bin/config?page=5
  3. Check the box “Enable WAN Firewall”
  4. CHECK THE BOXES TO ALLOW HTTP & HTTPS ACCESS THROUGH FIREWALL
    1. This allows you to manage the concentrator via HTTP or HTTPS
  5. Press submit (All current VPN sessions will drop for ~30 seconds)
  6. The concentrator will be unresponsive for 30-60 seconds while it applies the change, and then you are done!
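
To confirm the firewall change took effect, check from a host on the Internet side that the concentrator's WAN address no longer answers an ordinary NTP client query. The script below is an added example, not part of the original post; the function names are illustrative, and it assumes you pass the concentrator's WAN address as the only argument.

```python
import socket
import struct
import sys

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def build_client_request(version=3):
    """48-byte NTP query: LI=0, VN=version, Mode=3 (client), all other fields zero."""
    return bytes([(version << 3) | 3]) + b"\x00" * 47

def parse_response(data):
    """Return header fields of an NTP server reply, or None for anything else."""
    if len(data) < 48 or (data[0] & 0x7) != 4:  # Mode 4 = server
        return None
    tx_seconds = struct.unpack("!I", data[40:44])[0]  # transmit timestamp, seconds
    return {"version": (data[0] >> 3) & 0x7, "stratum": data[1],
            "unix_time": tx_seconds - NTP_EPOCH_OFFSET}

def wan_ntp_answers(host, port=123, timeout=3.0, attempts=3):
    """True if the host returns a valid NTP server reply to a normal client query."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        for _ in range(attempts):
            try:
                sock.sendto(build_client_request(), (host, port))
                data, _addr = sock.recvfrom(512)
            except OSError:  # timeout or ICMP error: no answer on this attempt
                continue
            if parse_response(data) is not None:
                return True
    return False

if __name__ == "__main__":
    # Assumption: argv[1] is the concentrator's WAN address and this runs from
    # outside the LAN, so the query arrives on the WAN interface.
    if len(sys.argv) != 2:
        sys.exit("usage: check_wan_ntp.py <concentrator-wan-address>")
    target = sys.argv[1]
    if wan_ntp_answers(target):
        print(f"{target}: still answering NTP on UDP/123 from the WAN side")
        sys.exit(1)
    print(f"{target}: no NTP reply, UDP/123 appears filtered")
```

Run it once before and once after step 5; a reply before and silence after shows the WAN firewall is dropping the queries.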