Random inbound calls from caller id 'Asterisk' - possible hack attempt?

I have been receiving intermittent call(s) from caller id “Asterisk”. It seems like a possible hack attempt. It seems to be happening on one of my trunk lines not located behind the FreePBX firewall. This is an external extension with single DID pointing to a Handytone 286. Any thoughts on clearing out these calls from coming through to the DID more so to avoid the attempts on my box? Please advise. Thank you in advance for any thoughts or advice you may be able to offer.
Lastly, I do not see the calls coming through on my FreePBX reports CDR logs.

Put callerid “asterisk” in the blacklist. FreePBX will not let you do it via the GUI so you have to do it from the CLI.
More important question is why are you exposing port 5060 to the outside world?

Wonderful, thank you. Have 5060 for a private line outside of office. Everything else is on VPNs site-to-site for the most part. This is the one private line that is running. Everything is locked out including ssh, web, etc. Nothing accessible outside of vpn (excluding this line of course).

Blacklist now shows from CLI>, is this all that is needed?

database show blacklist
/blacklist/asterisk : 1
1 results found.

Why don’t you set up an iptables rule to only allow inbound 5060 from the LAN, VPN and the one remote IP? If it is not static just allow the netblock of your provider.

That will significantly reduce your online footprint.
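
One way to express the allowlist suggested above, as an added example that is not part of the thread: the script only prints the iptables commands for review, so nothing changes on the box until the output is run as root. The chain name SIP_IN and the three source addresses are constructed placeholders, and covering both UDP and TCP on 5060 is an assumption.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules that allow inbound SIP on
# port 5060 only from listed sources. Chain name and addresses are constructed.
SIP_PORT=5060
SIP_CHAIN=SIP_IN   # hypothetical chain name

# Accept dotted-quad IPv4 with an optional /0-32 prefix, octets 0-255.
valid_source() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    ip=${1%/*}
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Usage: sip_allowlist_rules SOURCE...
sip_allowlist_rules() {
    # Refuse an empty list: it would drop every SIP packet.
    [ "$#" -gt 0 ] || { echo "no sources given" >&2; return 1; }
    # Validate everything first so a typo never yields a half-built rule set.
    for src in "$@"; do
        valid_source "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    echo "iptables -N $SIP_CHAIN"
    for src in "$@"; do
        echo "iptables -A $SIP_CHAIN -s $src -j ACCEPT"
    done
    echo "iptables -A $SIP_CHAIN -j DROP"
    # Hook the chain into INPUT last, once it is complete (UDP and TCP 5060).
    for proto in udp tcp; do
        echo "iptables -I INPUT 1 -p $proto --dport $SIP_PORT -j $SIP_CHAIN"
    done
}

# Commands that undo the above if something goes wrong.
sip_allowlist_rollback() {
    for proto in udp tcp; do
        echo "iptables -D INPUT -p $proto --dport $SIP_PORT -j $SIP_CHAIN"
    done
    echo "iptables -F $SIP_CHAIN"
    echo "iptables -X $SIP_CHAIN"
}

# Constructed placeholders: LAN, VPN subnet, and the one remote phone's IP.
sip_allowlist_rules 192.168.1.0/24 10.8.0.0/24 203.0.113.10
```

The rules cover only the signalling port discussed in the thread, and they last until the next reboot unless the rule set is saved.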

Will look into that recommendation. I will write out some rules and add them to iptables. For the moment the asterisk blacklist will have to do until I am able to test the iptables rules suggested. Always wary of big changes on production machine(s).

You may find that the APF firewall is easier to write rules from than straight IPTABLES. It installs fine on the distro and you can add the BFD brute force protection module for an added layer.

The slick thing about APF is when you first install the package it shuts down in 5 minutes in case you lock yourself out.

Here is a link to the package:

http://www.rfxn.com/projects/advanced-policy-firewall/

If you would like APF professionally installed on your FreePBX distro feel free to click on the Support tab and ask for me.