Block Unknown SIP INVITE

Hi,

Since a few weeks we are receiving a lot of SIP INVITES from IP address. The calls are rejected, because they are not from a known extension.

What can I do to block these IP’s? For example with IPtables?

Asterisk 11.7
CentOS 6.8

Best regards,
Joost Lauwen

I made a simply Bash script which run the command “sip show channels” and evaluate if is an INVITE and came from a then log that to a file, using blockhost or fail2ban you can ban those IP Addresses if match the blocking count.

simply block the user agent string - sipcli/v1.8 in this case - with iptables. Alternatively, you can block countries with ipset (google will help you), and if you want to spend valuable time looking after security, read: https://blog.ls20.com/securing-your-asterisk-voip-server-with-iptables/