This is a very interesting and important topic. It is really incomprehensible that no one has answered so far. Anyway, because I have the same question, I have now warmed up this old thread.
It seems that there exist two main “paths” to target these annoying unknown / anonymous callers.
Most of the examples I have found use Inbound Routes to catch such calls and forward them directly to a “dead end”. Alternatively, a similar result can be achieved through the Blacklist feature. The following link includes some (complex) information regarding the Inbound Routes method:
However, I am unfortunately still not really any wiser; maybe my English isn’t good enough.
A (somewhat) more understandable thread can be found here:
Here now follows my first question. How many “dead” inbound routes do I have to generate? A separate one for each DID / call variant?
For example, I have four phone numbers (DIDs). The first two are for business use and point to Extension 01, which is the main phone (at the reception office). Phone number 3 is fax-only, while phone number 4 is mainly for private use and points to Extension 03 (private phone).
If I understand all this correctly, then I have to establish at least two new inbound routes; let’s call them Restricted Unknown and Restricted Anonymous.
Both of these point to the destination Terminate Call and both of them have _. in the DID field. The Restricted Unknown inbound route contains UNKNOWN (in capital letters?) in the Caller ID Number field, while Restricted Anonymous has just a zero (0) here.
Update: I’ve tried these restricted route settings for a while now and I can confirm that they work perfectly (for me).
It is also recommended (after this config) to enable Allow SIP Guests (and in some cases also Allow Anonymous Inbound SIP Calls). According to the Asterisk community thread below, the default context (in Asterisk SIP Settings) should be set to a “fictional value” like context=jail.
After this, all dubious calls will be sent (more or less directly) to Nirvana. When Allow Anonymous Inbound SIP Calls is additionally enabled, all anonymous calls will be immediately terminated (because of the anonymous restricted route) and NOT logged. So this will reduce the logging effort. Note: do NOT enable Allow Anonymous Inbound SIP Calls without the Restricted Anonymous route setting.
Finally, all these changes will give fail2ban a better starting position to catch unauthorized INVITE attacks. More information can be found here:
Just try to create another Inbound Route:
Description - Your Description
DID Number - Your inbound phone number
CallerID Number - anonymous (with all lower case)
Set Destination - Terminate Call - Hangup