What This Attacks Means?

Home » Asterisk Users » What This Attacks Means?
Asterisk Users 2 Comments

Hi to everybody

my system is be attack, but I dont know what this means

[May 27 15:12:24] WARNING[26018] chan_skinny.c: Partial data received, waiting (76 bytes read of 786)
[chan_skinny.c] skinny_session[0][C-00000000] skinny_session:
WARNING[May 27 15:52:32] Asterisk 13.8.0 built by root @ asterisk on a x86_64 running Linux on 2016-04-04 19:02:51 UTC
[May 27 15:52:32] NOTICE[2306] cdr.c: CDR simple logging enabled.
[May 27 15:52:32] NOTICE[2306] loader.c: 234 modules will be loaded.
[May 27 15:52:32] WARNING[2306] res_phoneprov.c: Unable to find a valid server address or name.
[May 27 15:52:32] ERROR[2306] ari/config.c: No configured users for ARI
[May 27 15:52:33] NOTICE[2306] chan_skinny.c: Configuring skinny from skinny.conf
[May 27 15:52:33] WARNING[2306] chan_dahdi.c: Ignoring any changes to
‘userbase’ (on reload) at line 23.
[May 27 15:52:33] WARNING[2306] chan_dahdi.c: Ignoring any changes to
‘vmsecret’ (on reload) at line 31.
[May 27 15:52:33] WARNING[2306] chan_dahdi.c: Ignoring any changes to
‘hassip’ (on reload) at line 35.
[May 27 15:52:33] WARNING[2306] chan_dahdi.c: Ignoring any changes to
‘hasiax’ (on reload) at line 39.
[May 27 15:52:33] WARNING[2306] chan_dahdi.c: Ignoring any changes to
‘hasmanager’ (on reload) at line 47.
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! PLEASE NOTE: Setting
‘nat’ for a peer/user that differs from the global setting can make
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! will be sent to a different port than replies for an existing peer/user. If at all possible,
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! use the global ‘nat’
setting and do not set ‘nat’ per peer/user.
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! (config category=’132′
global force_rport=’No’ peer/user force_rport=’Yes’)
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! PLEASE NOTE: Setting
‘nat’ for a peer/user that differs from the global setting can make
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! will be sent to a different port than replies for an existing peer/user. If at all possible,
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! use the global ‘nat’
setting and do not set ‘nat’ per peer/user.
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! (config category=’133′
global force_rport=’No’ peer/user force_rport=’Yes’)
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! PLEASE NOTE: Setting
‘nat’ for a peer/user that differs from the global setting can make
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! will be sent to a different port than replies for an existing peer/user. If at all possible,
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! use the global ‘nat’
setting and do not set ‘nat’ per peer/user.
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! (config category=’134′
global force_rport=’No’ peer/user force_rport=’Yes’)
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! PLEASE NOTE: Setting
‘nat’ for a peer/user that differs from the global setting can make
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! will be sent to a different port than replies for an existing peer/user. If at all possible,
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! use the global ‘nat’
setting and do not set ‘nat’ per peer/user.
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! (config category=’135′
global force_rport=’No’ peer/user force_rport=’Yes’)
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! PLEASE NOTE: Setting
‘nat’ for a peer/user that differs from the global setting can make
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! will be sent to a different port than replies for an existing peer/user. If at all possible,
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! use the global ‘nat’
setting and do not set ‘nat’ per peer/user.
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! (config category=’136′
global force_rport=’No’ peer/user force_rport=’Yes’)
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! PLEASE NOTE: Setting
‘nat’ for a peer/user that differs from the global setting can make
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! will be sent to a different port than replies for an existing peer/user. If at all possible,
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! use the global ‘nat’
setting and do not set ‘nat’ per peer/user.
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! (config category=’1000′ global force_rport=’No’ peer/user force_rport=’Yes’)
[May 27 15:52:33] NOTICE[2306] chan_sip.c: The ‘username’ field for sip peers has been deprecated in favor of the term ‘defaultuser’
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! PLEASE NOTE: Setting
‘nat’ for a peer/user that differs from the global setting can make
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! will be sent to a different port than replies for an existing peer/user. If at all possible,
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! use the global ‘nat’
setting and do not set ‘nat’ per peer/user.
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! (config category=’1003′ global force_rport=’No’ peer/user force_rport=’Yes’)
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! PLEASE NOTE: Setting
‘nat’ for a peer/user that differs from the global setting can make
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! will be sent to a different port than replies for an existing peer/user. If at all possible,
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! use the global ‘nat’
setting and do not set ‘nat’ per peer/user.
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! (config category=’2000′ global force_rport=’No’ peer/user force_rport=’Yes’)
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! PLEASE NOTE: Setting
‘nat’ for a peer/user that differs from the global setting can make
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users

What happen with my Asterisk, and how to protect with this?

Thanks.

2 thoughts on - What This Attacks Means?

  • Your system is not under attack. You have a configuration mismatch between the global SIP nat setting and the per peer/user nat setting for the indicated peer/users. The warning messages are indicating a potential security vulnerability in your configuration for each peer/user and are describing what can happen and what you need to do if those peer/users are exposed to the outside world.

    Your global SIP nat setting is NO for force_rport and several peers are set to YES
    for force_rport.

    In simplest terms only use the global SIP nat setting and do not use the per peer/user nat settings.

    Richard