I have a VPS hosted FreePBX server, and I am testing out a different SIP trunk provider. Doing so has forced me to change the SIP port to the standard 5060. I started seeing call attempts from non-existent extensions to international numbers. The calls weren’t able to complete, but they are filling my logs and CDR’s with junk. I have disabled my responsive firewall for my PJSIP traffic. I have added my local static IP to the networks tab as trusted for my phones. They register and work just fine. However, watching my SIP logs, I constantly keep seeing invites trying to place calls from extensions I do not have on my PBX. I added the source IP’s to the blacklist in the firewall settings and I have restarted asterisk, and it seems like it hasn’t made a difference. Those same IP’s I have blocked still persist with attempts. Under services, I have changed my SIP protocol to Local only as well. Under SIP settings, I have disabled both Allow Anonymous Inbound SIP Calls and Allow SIP Guests. I’m not sure if I am missing something in the firewall to prevent these attempts.I have my intrusion detection [fail2ban] running and I increased those restrictions too.
Can someone help me identify what I am missing to help tighten security?