There seems to be some oversimplification here. I can drop my server in a DMZ and that doesn’t make a difference. You aren’t going to leave port 88 open and suddenly someone is connecting via SSH. This isn’t leaving a window open in your house. If nothing is responding on a port then it is pointless. The only risk is if whatever is listening on that port has the ability to do bad things. So what is the risk of a pjsip port listening with nothing on it? Unless there is a CVE there is likely no risk. Most “hacks” these days are done by script kiddies and they use software that exploits known vulnerabilities. If your software is kept up to date and you are using sane practices there is very minimal risk