This is most likely an attempted attack, conceivably a misconfiguration of someone’s server; see https://whois.domaintools.com/92.42.109.98
Palestine is a common source of attacks.
The error was related to pjsip not accepting an @ in the user field of the Contact header.
Depending on whether you have external extensions, etc., you could block SIP from unknown addresses with FreePBX firewall and/or your hardware firewall. Otherwise, you shouldn’t get many of these if the attacker got blocked by fail2ban.
Sure you can. But you should notice that the country of origin of an IP address isn’t necessarily the same country the attack comes from. Depending on the routing you could also block yourself with that.
“In each incident, the intruders have left behind a “web shell,” an easy-to-use, password-protected hacking tool that can be accessed over the Internet from any browser. The web shell gives the attackers administrative access to the victim’s computer servers.”
Hard to be empirical, but over the years I have seen +99.9% probes coming in from UDP/5000-5099. That leaves you over 60000 more choices and at least two other protocols; choose wisely and you will get significantly less noise. Add a port scan and port flood rule to your iptables against that chosen port and you will feel like the Maytag repairman.
If your firewall allows any IP to scan 65000 ports or any number of IPs to scan any one port that you use more than a few per second without doing something about it, I would suggest your firewall is pretty lame.
Little surprised we’re having this discussion. The idea is you employ other people’s servers in the U.S. to run attack scripts targeting VoIP servers elsewhere, NOT on the Exchange server. I was simply giving you one of many examples of compromised U.S. IP addresses. Perhaps you’ve heard of SolarWinds?