The SIP trace shows messages from what I took to be a suspicious connection from sip:email@example.com so I added that IP address to IP
tables…but then anveo showed as unreachable so I removed that rule.
Yes, I’m running fail2ban.
What are these messages from sip:firstname.lastname@example.org? The domain name alone set off alarm bells for me. (I was looking for my own registration attempts when I turned on SIP debugging.)
fqdn*CLI> sip set debug on SIP Debugging enabled fqdn*CLI>
<--- SIP read from UDP:220.127.116.11:5010 --->
OPTIONS sip:email@example.com:5060 SIP/2.0
Via: SIP/2.0/UDP 18.104.22.168:5010;branch=0
CSeq: 1 OPTIONS
— (7 headers 0 lines) –