I have these entries in my call detail records. I know that these are of a malicious nature, but what exactly are these and what do hackers want to accomplish with these attempts? I don’t see that there was a number dialed.
I am surprised that this can happen, as my Asterisk is behind a firewall and SIP/RTP ports are only open to a few IP addresses and hostnames. Fail2ban kicked in and blocked the bad IP, but I am still confused why this IP could even get through the firewall to the server with my firewall rules in place.
I also don’t know why there were 9 of these attempts before fail2ban blocked the IP.
2015-01-19 04:21:46,764 fail2ban.actions: WARNING [asterisk-iptables] Ban 126.96.36.199
Allow SIP Guests was set to “Yes”, and is now set to “No”. Anonymous Inbound SIP Calls was also set to “No”.