;; ANSWER SECTION:
losangeles.voip.ms. 300 IN A 184.108.40.206
which is nothing like 220.127.116.11.
Also ITSPs don’t, in general register, and you don’t have anything but your ITSP configured and the error message suggests that the the registration is from the ITSP. I assume something that you have not configured is trying to register and masquerade as the ITSP.
Sorry, I copied the wrong address from the error message I should have said that 18.104.22.168 is rather different from 22.214.171.124.
I still have the problem that an ITSP would never send REGISTER to a user, as it generally wouldn’t now the user’s address (except for the register the other way), and also, in practice, ITSPs never try to identify themselves.
It looks to me as though those registrations are coming from Cambodia, so I assume they are either the result of misconfiguration of the Cambodian system, or, more likely, represents attempted telephone fraud.
Any SIP UAS that is open to all SIP traffic will be attacked within minutes of going online.
Note that there is the possibility of a catch-all endpoint. The documentation says this:
; Anonymous Calls
; By default anonymous inbound calls via PJSIP are not allowed. If you want to
; route anonymous calls you’ll need to define an endpoint named “anonymous”.
; res_pjsip_endpoint_identifier_anonymous.so handles that functionality so it
; must be loaded. It is not recommended to accept anonymous calls.
You are very unusual business. In practice, even though SIP allows point to point call setup, businesses only allow calls to come via their service provider, or from devices supplied to their employees. In the latter case, many would only accept those calls over a local network or a VPN.
The risk with allowing anonymous SIP calls is that there is no filtering of the request format, so if you get your configuration wrong, the caller can make outgoing chargeable calls; there are a lot of people out there trying to do that, and you will have received calls from them within minutes of being exposed to the internet. Also, the lack of control of the format means that they can exploit any vulnerabilities in your system that depend on malformed requests.
The lack of control means that it is easy to fake caller IDs and make fraudulent calls, that, for example, appear to have originated from within your company.
Anonymous here doesn’t mean that the caller ID is missing, but rather that the immediate upstream source is unknown to you. chan_sip uses the term “guest”.
Also, having Cambodian phones hanging off a, presumably US virtual server, doesn’t seem an efficient use of internet resources, unless you don’t make any internal calls and only have calls with people in the US.