Attack Mode. Failed to Authenticate

Some script kitty has decided to try and find a weak point in my Asterisk box.

In the basic Asterisk (11.5) log I get this:
[Sep 26 11:46:38] NOTICE[29782][C-00000ece] chan_sip.c: Failed to authenticate device 401<sip:401@<my.ip.add.ress>;tag=e41ef400
[Sep 26 11:49:21] NOTICE[29782][C-00000ed1] chan_sip.c: Failed to authenticate device 501<sip:501@<my.ip.add.ress>;tag=36ae8fa5

In the security log I get the corresponding messages:
[Sep 26 11:46:38] SECURITY[29750] res_security_log.c: SecurityEvent=“ChallengeSent”,EventTV=“1380210398-480847”,Severity=“Informational”,Service=“SIP”,EventVersion=“1”,AccounID=“sip:401@<my.ip.add.ress>”,SessionID=“0x203cb08”,LocalAddress=“IPV4/UDP/<my.ip.add.ress>/”,RemoteAddress=“IPV4/UDP/”,Challenge=“3098232e”

[Sep 26 11:49:21] SECURITY[29750] res_security_log.c: SecurityEvent=“ChallengeSent”,EventTV=“1380210561-121061”,Severity=“Informational”,Service=“SIP”,EventVersion=“1”,AccounID=“sip:501@<my.ip.add.ress>”,SessionID=“0x25ef378”,LocalAddress=“IPV4/UDP/<my.ip.add.ress>/”,RemoteAddress=“IPV4/UDP/”,Challenge=“79ad26df”

BTW, I left the source port as I had found it in case anyone cares to block the PITA.

PROBLEM: The messages log does not contain any useful blocking information AND the security log doesn’t identify this as an attack and log entries are identical to a legitimate device connecting to the server.

Interestingly I don’t get an invalid device error (there is no 401 or 501 device on the server).

I can block the IP manually, but I can’t see a reasonable way to block it mechanically. PLUS I don’t know why I am getting an Informational event when there is no device 401 or 501.

Suggestions? Comments?