The SIP trace shows messages from what I took to be a suspicious connection from sip:firstname.lastname@example.org, so I added that IP address to iptables… but then Anveo showed as unreachable, so I removed that rule.
Yes, I’m running fail2ban.
What are these messages from sip:email@example.com? The domain name alone set off alarm bells for me. (I was looking for my own registration attempts when I turned on SIP debugging.)
fqdn*CLI> sip set debug on
SIP Debugging enabled
fqdn*CLI>
<--- SIP read from UDP:220.127.116.11:5010 --->
OPTIONS sip:firstname.lastname@example.org:5060 SIP/2.0
Via: SIP/2.0/UDP 18.104.22.168:5010;branch=0
CSeq: 1 OPTIONS
--- (7 headers 0 lines) ---