You probably need to deny “Anonymous” and “Guest” connections. You need an effective IDS, I suggest
https://github.com/fail2ban/fail2ban/tarball/master
But the most effective method is NOT to allow ANY UDP/5060 connections, configure your system to listen on another port and arrange with your VSP to NOT use 5060, and redirect 5060 from your VSP’s 5060 traffic to your chosen port on your firewall if they wont or cant do that for you.
(there are plenty of posts here that discuss all this, there is also a search box at the top of this page)