Somebody trying to hack my server?

I opened the SIP port to the world recently, and here is what I see when I go to the Asterisk CLI:

[Apr 24 17:09:35] NOTICE[4453]: chan_sip.c:27776 handle_request_register: Registration from '"2304" <sip:2304@192.168.33.31:5060>' failed for '212.129.1.26:5074' - Wrong password
[Apr 24 17:09:35] NOTICE[4453]: chan_sip.c:27776 handle_request_register: Registration from '"804" <sip:804@192.168.33.31:5060>' failed for '212.129.1.26:5100' - Wrong password
[Apr 24 17:09:35] NOTICE[4453]: chan_sip.c:27776 handle_request_register: Registration from '"704" <sip:704@192.168.33.31:5060>' failed for '212.129.1.26:5074' - Wrong password

I don’t know this IP; it looks like somebody is phishing to get access. Right now I have no trunks, so no worries, but how do I stop this from happening?

If you have opened SIP to the world, it is guaranteed that people will try to hack it.

This is war dialling not phishing. Phishing only works with people, not machines.

Use your firewall to limit source addresses to networks you trust. Disable allowguest. Use strong passwords for everything. Use type=peer, rather than type=friend. If possible, use apparently random device names, not the associated primary extension number. Consider using fail2ban (an attack rate limiter which sets firewall rules to match the source of failed attacks). Read the security best practices document.

Thanks for clarifying on terminology :smile:

I’m going by THE book, so all of my extensions are named by MAC address. Long, random passwords. I’m not concerned with them actually succeeding, it’s just that they put load on a server.

Seems like fail2ban is a way to go. And maybe ban certain geographies' IP ranges.
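Added example, not part of the thread and not fail2ban's own filter: the rate-limit rule fail2ban applies, run in Python over the log lines from the first post. The function name `offenders`, the default `maxretry`/`findtime` values, the `year` parameter (the log carries no year) and the last two sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The From header inside the first quotes is supplied by the remote side, so
# the greedy `.*`, the quote-free reason and the `$` anchor bind the match to
# the LAST "failed for '<ip>'" on the line, which Asterisk itself wrote.
FAILED_REGISTER = re.compile(
    r"^\[(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d)\] NOTICE\[\d+\]: chan_sip\.c:\d+ "
    r"handle_request_register: Registration from '.*' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>[^']+)$"
)

# First three lines are from the post; the last two are constructed test data.
SAMPLE = """\
[Apr 24 17:09:35] NOTICE[4453]: chan_sip.c:27776 handle_request_register: Registration from '"2304" <sip:2304@192.168.33.31:5060>' failed for '212.129.1.26:5074' - Wrong password
[Apr 24 17:09:35] NOTICE[4453]: chan_sip.c:27776 handle_request_register: Registration from '"804" <sip:804@192.168.33.31:5060>' failed for '212.129.1.26:5100' - Wrong password
[Apr 24 17:09:35] NOTICE[4453]: chan_sip.c:27776 handle_request_register: Registration from '"704" <sip:704@192.168.33.31:5060>' failed for '212.129.1.26:5074' - Wrong password
[Apr 24 17:20:01] NOTICE[4453]: chan_sip.c:27776 handle_request_register: Registration from '"100" <sip:100@192.168.33.31:5060>' failed for '198.51.100.7:5060' - Wrong password
[Apr 24 17:20:02] NOTICE[4453]: chan_sip.c:27776 handle_request_register: Registration from '"x" <sip:x@h>' failed for '203.0.113.9:5060' - Wrong password' failed for '198.51.100.7:5060' - Wrong password
""".splitlines()

def offenders(lines, maxretry=3, findtime=timedelta(minutes=10), year=2000):
    """Return {source_ip: time of the failure that reached maxretry}."""
    recent = defaultdict(deque)   # per-IP failure times inside the window
    flagged = {}
    for line in lines:
        m = FAILED_REGISTER.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(when)
        while when - window[0] > findtime:   # drop failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            flagged.setdefault(m["ip"], when)
    return flagged

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE).items():
        print(f"{ip} reached the failure limit at {when:%b %d %H:%M:%S}")
```

The returned addresses are what a firewall rule would block; the address embedded in the From header of the last sample line is never counted.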