Hi to everybody

my system is being attacked, but I don't know what this means

[May 27 15:12:24] WARNING[26018] chan_skinny.c: Partial data received, waiting (76 bytes read of 786)
[chan_skinny.c] skinny_session[0][C-00000000] skinny_session: WARNING
[May 27 15:52:32] Asterisk 13.8.0 built by root @ asterisk on a x86_64 running Linux on 2016-04-04 19:02:51 UTC
[May 27 15:52:32] NOTICE[2306] cdr.c: CDR simple logging enabled.
[May 27 15:52:32] NOTICE[2306] loader.c: 234 modules will be loaded.
[May 27 15:52:32] WARNING[2306] res_phoneprov.c: Unable to find a valid server address or name.
[May 27 15:52:32] ERROR[2306] ari/config.c: No configured users for ARI
[May 27 15:52:33] NOTICE[2306] chan_skinny.c: Configuring skinny from skinny.conf
[May 27 15:52:33] WARNING[2306] chan_dahdi.c: Ignoring any changes to 'userbase' (on reload) at line 23.
[May 27 15:52:33] WARNING[2306] chan_dahdi.c: Ignoring any changes to 'vmsecret' (on reload) at line 31.
[May 27 15:52:33] WARNING[2306] chan_dahdi.c: Ignoring any changes to 'hassip' (on reload) at line 35.
[May 27 15:52:33] WARNING[2306] chan_dahdi.c: Ignoring any changes to 'hasiax' (on reload) at line 39.
[May 27 15:52:33] WARNING[2306] chan_dahdi.c: Ignoring any changes to 'hasmanager' (on reload) at line 47.
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! PLEASE NOTE: Setting 'nat' for a peer/user that differs from the global setting can make
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! will be sent to a different port than replies for an existing peer/user. If at all possible,
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! use the global 'nat' setting and do not set 'nat' per peer/user.
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! (config category='132' global force_rport='No' peer/user force_rport='Yes')
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! PLEASE NOTE: Setting 'nat' for a peer/user that differs from the global setting can make
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! will be sent to a different port than replies for an existing peer/user. If at all possible,
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! use the global 'nat' setting and do not set 'nat' per peer/user.
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! (config category='133' global force_rport='No' peer/user force_rport='Yes')
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! PLEASE NOTE: Setting 'nat' for a peer/user that differs from the global setting can make
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! will be sent to a different port than replies for an existing peer/user. If at all possible,
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! use the global 'nat' setting and do not set 'nat' per peer/user.
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! (config category='134' global force_rport='No' peer/user force_rport='Yes')
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! PLEASE NOTE: Setting 'nat' for a peer/user that differs from the global setting can make
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! will be sent to a different port than replies for an existing peer/user. If at all possible,
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! use the global 'nat' setting and do not set 'nat' per peer/user.
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! (config category='135' global force_rport='No' peer/user force_rport='Yes')
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! PLEASE NOTE: Setting 'nat' for a peer/user that differs from the global setting can make
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! will be sent to a different port than replies for an existing peer/user. If at all possible,
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! use the global 'nat' setting and do not set 'nat' per peer/user.
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! (config category='136' global force_rport='No' peer/user force_rport='Yes')
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! PLEASE NOTE: Setting 'nat' for a peer/user that differs from the global setting can make
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! will be sent to a different port than replies for an existing peer/user. If at all possible,
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! use the global 'nat' setting and do not set 'nat' per peer/user.
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! (config category='1000' global force_rport='No' peer/user force_rport='Yes')
[May 27 15:52:33] NOTICE[2306] chan_sip.c: The 'username' field for sip peers has been deprecated in favor of the term 'defaultuser'
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! PLEASE NOTE: Setting 'nat' for a peer/user that differs from the global setting can make
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! will be sent to a different port than replies for an existing peer/user. If at all possible,
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! use the global 'nat' setting and do not set 'nat' per peer/user.
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! (config category='1003' global force_rport='No' peer/user force_rport='Yes')
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! PLEASE NOTE: Setting 'nat' for a peer/user that differs from the global setting can make
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! will be sent to a different port than replies for an existing peer/user. If at all possible,
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! use the global 'nat' setting and do not set 'nat' per peer/user.
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! (config category='2000' global force_rport='No' peer/user force_rport='Yes')
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! PLEASE NOTE: Setting 'nat' for a peer/user that differs from the global setting can make
[May 27 15:52:33] WARNING[2306] chan_sip.c: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users

What happened with my Asterisk, and how do I protect against this?

Thanks.

On Fri, May 27, 2016 at 5:28 PM, Vitor Mazuco <vitor.mazuco at gmail.com> wrote:

> Hi to everybody
>
> my system is being attacked, but I don't know what this means
>

<snip>

> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! PLEASE NOTE: Setting 'nat' for a peer/user that differs from the global setting can make
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! will be sent to a different port than replies for an existing peer/user. If at all possible,
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! use the global 'nat' setting and do not set 'nat' per peer/user.
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! (config category='132' global force_rport='No' peer/user force_rport='Yes')
>
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! PLEASE NOTE: Setting 'nat' for a peer/user that differs from the global setting can make
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! will be sent to a different port than replies for an existing peer/user. If at all possible,
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! use the global 'nat' setting and do not set 'nat' per peer/user.
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! (config category='133' global force_rport='No' peer/user force_rport='Yes')
>
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! PLEASE NOTE: Setting 'nat' for a peer/user that differs from the global setting can make
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! will be sent to a different port than replies for an existing peer/user. If at all possible,
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! use the global 'nat' setting and do not set 'nat' per peer/user.
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! (config category='134' global force_rport='No' peer/user force_rport='Yes')
>
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! PLEASE NOTE: Setting 'nat' for a peer/user that differs from the global setting can make
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! will be sent to a different port than replies for an existing peer/user. If at all possible,
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! use the global 'nat' setting and do not set 'nat' per peer/user.
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! (config category='135' global force_rport='No' peer/user force_rport='Yes')
>
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! PLEASE NOTE: Setting 'nat' for a peer/user that differs from the global setting can make
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! will be sent to a different port than replies for an existing peer/user. If at all possible,
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! use the global 'nat' setting and do not set 'nat' per peer/user.
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! (config category='136' global force_rport='No' peer/user force_rport='Yes')
>
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! PLEASE NOTE: Setting 'nat' for a peer/user that differs from the global setting can make
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! will be sent to a different port than replies for an existing peer/user. If at all possible,
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! use the global 'nat' setting and do not set 'nat' per peer/user.
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! (config category='1000' global force_rport='No' peer/user force_rport='Yes')
> [May 27 15:52:33] NOTICE[2306] chan_sip.c: The 'username' field for sip peers has been deprecated in favor of the term 'defaultuser'
>
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! PLEASE NOTE: Setting 'nat' for a peer/user that differs from the global setting can make
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! will be sent to a different port than replies for an existing peer/user. If at all possible,
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! use the global 'nat' setting and do not set 'nat' per peer/user.
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! (config category='1003' global force_rport='No' peer/user force_rport='Yes')
>
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! PLEASE NOTE: Setting 'nat' for a peer/user that differs from the global setting can make
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! will be sent to a different port than replies for an existing peer/user. If at all possible,
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! use the global 'nat' setting and do not set 'nat' per peer/user.
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! (config category='2000' global force_rport='No' peer/user force_rport='Yes')
>
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! PLEASE NOTE: Setting 'nat' for a peer/user that differs from the global setting can make
> [May 27 15:52:33] WARNING[2306] chan_sip.c: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users
>
> What happened with my Asterisk, and how do I protect against this?
>

Your system is not under attack. You have a configuration mismatch between the global SIP nat setting and the per peer/user nat setting for the indicated peer/users. The warning messages are indicating a potential security vulnerability in your configuration for each peer/user and are describing what can happen and what you need to do if those peer/users are exposed to the outside world.

Your global SIP nat setting is NO for force_rport and several peers are set to YES for force_rport.

In simplest terms only use the global SIP nat setting and do not use the per peer/user nat settings.

Richard

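The reply above comes down to finding every peer in sip.conf whose `nat` value differs from the one in `[general]`. A small checker for that, added here as an example (it is not code from this thread or from Asterisk); the sample configuration is constructed, and template inheritance is handled in a simplified way.

```python
import re

# Constructed sample sip.conf; peer names and values are illustrative.
SAMPLE_SIP_CONF = """\
[general]
nat=no                      ; global setting
[phones](!)                 ; template, not a peer itself
nat=force_rport
[132](phones)               ; inherits nat from the template
[133]
nat = force_rport           ; explicit per-peer override
[134]
nat=no                      ; same as global, no mismatch
[1000]
secret=placeholder          ; no nat line, global value applies
[2000]
nat => comedia,force_rport
"""

SECTION = re.compile(r"^\[([^\]]+)\](?:\(([^)]*)\))?")

def normalize(value):
    # Order-insensitive form of a comma-separated nat value.
    return frozenset(t.strip().lower() for t in value.split(",") if t.strip())

def parse_sip_conf(text):
    """Map section name -> its nat value, template parents and template flag."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop ';' comments
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            opts = [o.strip() for o in (m.group(2) or "").split(",") if o.strip()]
            current = sections.setdefault(
                m.group(1), {"nat": None, "parents": [], "template": False})
            current["template"] |= "!" in opts
            current["parents"] += [o for o in opts if o not in ("!", "+")]
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)          # also covers 'key => value'
            if key.strip().lower() == "nat":
                current["nat"] = normalize(value.lstrip(">"))
    return sections

def effective_nat(sections, name, seen=()):
    """Own nat value, else the nearest template's (simplified inheritance)."""
    sec = sections.get(name)
    if sec is None or name in seen:                  # unknown or cyclic template
        return None
    if sec["nat"] is not None:
        return sec["nat"]
    for parent in reversed(sec["parents"]):
        nat = effective_nat(sections, parent, seen + (name,))
        if nat is not None:
            return nat
    return None

def audit_nat(text):
    """List (peer, nat) pairs whose nat differs from the [general] value."""
    sections = parse_sip_conf(text)
    global_nat = sections.get("general", {}).get("nat")
    return [(name, ",".join(sorted(nat)))
            for name, sec in sections.items()
            if name != "general" and not sec["template"]
            for nat in [effective_nat(sections, name)]
            if nat is not None and nat != global_nat]
```

Each peer it returns is one that would need its `nat` line removed, or the global value changed to match, to follow the advice in the reply.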
humm, ok. Thanks very much

2016-05-27 19:56 GMT-03:00, Richard Mudgett <rmudgett at digium.com>:
> On Fri, May 27, 2016 at 5:28 PM, Vitor Mazuco <vitor.mazuco at gmail.com> wrote:
>
>> Hi to everybody
>>
>> my system is being attacked, but I don't know what this means
>
> <snip>
>
>> What happened with my Asterisk, and how do I protect against this?
>
> Your system is not under attack. You have a configuration mismatch between the global SIP nat setting and the per peer/user nat setting for the indicated peer/users. The warning messages are indicating a potential security vulnerability in your configuration for each peer/user and are describing what can happen and what you need to do if those peer/users are exposed to the outside world.
>
> Your global SIP nat setting is NO for force_rport and several peers are set to YES for force_rport.
>
> In simplest terms only use the global SIP nat setting and do not use the per peer/user nat settings.
>
> Richard