Strict RTP learning used to attack Asterisk which is overcoming fail2ban

Hi All, I am using fail2ban to block SIP brute force attacks. I am using the settings as recommended by the Fail2ban org. But I am still getting unblocked attacks, which seem to be using Strict RTP learning. Below is the log I am getting for this attack:

[2018-06-03 08:44:14] VERBOSE[2474][C-0000006d] netsock2.c: Using SIP RTP CoS mark 5
[2018-06-03 08:44:14] VERBOSE[2474][C-0000006d] res_rtp_asterisk.c: 0x7f622c066910 -- Strict RTP learning after remote address set to: 195.154.90.85:5072
[2018-06-03 08:44:14] NOTICE[2474][C-0000006d] chan_sip.c: Call from '' (195.154.90.85:5070) to extension '913137710801' rejected because extension not found in context 'public'.
[2018-06-03 08:44:46] WARNING[2474] chan_sip.c: Retransmission timeout reached on transmission f3c24027399e87260ca853f5cc8cedcd for seqno 1 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32000ms with no response

Any idea on how to block it?

Disallow guest calls.

OK, thank you… Will try it, then will update you.

I wrote code that blocks IP addresses from which there are attempts to make calls.

That's great… did you just want our praise… or maybe willing to share… :wink:

Thanks again, it seems this is working fine. But it seems that I have a new attack after this. Now I am getting this:
NOTICE[2541][C-000000c7] chan_sip.c: Failed to authenticate device sip:2010@xx.xx.xx.xx;tag=879646454 (where xx.xx.xx.xx is my IP)
Do I need to have a new post for this?

The security advice is not to use extension names as device names; use something like the MAC address of the device. Also, you should ignore all the cookbook solutions and never use type=friend, unless you really need to, which is rarely.

If neither of those is an option, you should ensure that your passwords are strong and consider improving your firewall rules, or adding address limitation in your Asterisk configuration.

You cannot avoid attack warnings purely within Asterisk, although you can move them earlier in the validation of calls. You have to improve your firewall to prevent attacks reaching Asterisk.
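
An added example, not code from any poster in this thread: Python detection logic of the kind a fail2ban-style filter applies to the two chan_sip NOTICE lines quoted above. It shows why the "extension not found" line can drive a block (it carries the sender's address) while the "Failed to authenticate device" line, in the form quoted, cannot. The function name, threshold and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# chan_sip NOTICE for a guest call to an unknown extension; the sender is the
# "(ip:port)" group that follows "Call from".
REJECTED = re.compile(
    r"NOTICE\[\d+\](?:\[C-[0-9a-f]+\])? chan_sip\.c: Call from '[^']*' "
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+\) to extension '[^']*' "
    r"rejected because extension not found in context"
)
# Failed-auth NOTICE as quoted in the thread: the address after "@" is the
# server's own, so the line cannot be attributed to a sender.
AUTH_FAIL = re.compile(r"chan_sip\.c: Failed to authenticate device \S+")


def scan(lines, threshold=3):
    """Return (source IPs at or above threshold, count of unattributed auth failures)."""
    hits, unattributed = Counter(), 0
    for line in lines:
        # Logs pasted through a web forum often arrive with typographic quotes.
        line = line.replace("\u2018", "'").replace("\u2019", "'")
        match = REJECTED.search(line)
        if match:
            hits[match.group("ip")] += 1
        elif AUTH_FAIL.search(line):
            unattributed += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold), unattributed


# Constructed sample log: documentation-range addresses, not data from the thread.
_REJ = ("[2018-06-03 08:44:{s:02d}] NOTICE[2474][C-0000006d] chan_sip.c: Call from {q}"
        " ({ip}:5070) to extension '913137710801' rejected because extension"
        " not found in context 'public'.")
_AUTH = ("[2018-06-03 09:10:{s:02d}] NOTICE[2541][C-000000c7] chan_sip.c: Failed to"
         " authenticate device sip:2010@192.0.2.10;tag=879646454")
SAMPLE = (
    [_REJ.format(s=s, q="''", ip="198.51.100.7") for s in (14, 15)]
    + [_REJ.format(s=16, q="\u2018\u2019", ip="198.51.100.7")]
    + [_REJ.format(s=20, q="''", ip="203.0.113.9")]
    + [_AUTH.format(s=s) for s in (1, 2)]
)

if __name__ == "__main__":
    blocked, unattributed = scan(SAMPLE)
    print("block:", blocked, "| auth failures without a source address:", unattributed)
```

The addresses returned are candidates for a firewall rule, which is where the last reply says the blocking has to happen.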