Got a system getting phantom “failed” calls from random extensions. Clearly getting probed. Unclear how this is happening though as the attempts show up in the logs from the same IP but it’s not getting banned.
Anonymous and SIP Guests are both set to NO in FPBX. PJSIP is the only transport in use, via UDP, and the port IS open to the outside. Sangoma firewall is on, the interface is set to internet zone, and responsive is enabled for pjsip, as this system has a lot of mobile workers with changing IPs. Working on rolling out OpenVPN, but we are working with a couple hundred non-Sangoma phones and we can’t touch the phones/people because of distance and the quarantines going on.
The failed invites are showing up in the logs, and there is a pattern to the attempts: 5 invites that fail, then a pause of a few minutes, then another 5, over and over. The source IP is not getting banned. I can and have manually banned the IPs but am interested in why they’re not getting banned in the first place.
Sample Invite excerpt:
Request 'INVITE' from 'sip:RANDOMEXTENSION@BOGUSIP1' failed for 'BOGUSIP2:53199' (callid: RANDOMGUIDHERE) - Failed to authenticate
Anything I can check to make sure we didn’t overlook something simple to get these guys banned properly automatically?
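As an added example (not part of the original post and not FreePBX or Sangoma code), the following parses log lines of the form quoted above and tests whether the described pattern, 5 failures then a pause, would cross a failure-count threshold within a time window. The `maxretry`/`findtime` values, the timestamp prefix, and the sample log are assumptions constructed for illustration; they are not read from the poster's system.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the "Failed to authenticate" notice from the post, with an assumed timestamp prefix.
LINE_RE = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:]+)\].*Request '(?P<method>\w+)' from '[^']*' "
    r"failed for '(?P<ip>[\d.]+):\d+' \(callid: [^)]*\) - Failed to authenticate"
)

def parse(lines):
    """Return {source_ip: sorted list of failure datetimes}; unmatched lines are skipped."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            hits[m["ip"]].append(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"))
    return {ip: sorted(ts) for ip, ts in hits.items()}

def would_ban(times, maxretry, findtime_s):
    """True if any sliding window of findtime_s seconds holds >= maxretry failures."""
    window = timedelta(seconds=findtime_s)
    start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        if end - start + 1 >= maxretry:
            return True
    return False

def make_sample():
    """Constructed log: 4 bursts of 5 failed INVITEs, 2 s apart, bursts 5 min apart."""
    base = datetime(2020, 4, 1, 12, 0, 0)
    out = []
    for burst in range(4):
        for i in range(5):
            ts = base + timedelta(minutes=5 * burst, seconds=2 * i)
            out.append(
                f"[{ts:%Y-%m-%d %H:%M:%S}] NOTICE[1234] res_pjsip/pjsip_distributor.c: "
                f"Request 'INVITE' from '<sip:{1000 + i}@198.51.100.7>' failed for "
                f"'203.0.113.50:53199' (callid: constructed-{burst}-{i}) - Failed to authenticate"
            )
    return out

if __name__ == "__main__":
    # Hypothetical (maxretry, findtime) policies to compare against the burst pattern.
    for ip, times in parse(make_sample()).items():
        for maxretry, findtime in [(5, 60), (6, 60), (6, 600), (20, 1800)]:
            print(ip, f"maxretry={maxretry} findtime={findtime}s ->", would_ban(times, maxretry, findtime))
```

If `parse` returns nothing for real log lines, the pattern is not matching the log format, which by itself would prevent any automatic ban.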