Hi All, I am using fail2ban to Block SIP brute force attacks. I am using the setting as recommended by Faile2ban org. But I am still getting unblocked attacks which seems that using Strict RTP learning. Below is the log I am getting for this attack;
[2018-06-03 08:44:14] VERBOSE[C-0000006d] netsock2.c: Using SIP RTP CoS mark 5
[2018-06-03 08:44:14] VERBOSE[C-0000006d] res_rtp_asterisk.c: 0x7f622c066910 – Strict RTP learning after remote address set to: 22.214.171.124:5072
[2018-06-03 08:44:14] NOTICE[C-0000006d] chan_sip.c: Call from ‘’ (126.96.36.199:5070) to extension ‘913137710801’ rejected because extension not found in context ‘public’.
[2018-06-03 08:44:46] WARNING chan_sip.c: Retransmission timeout reached on transmission f3c24027399e87260ca853f5cc8cedcd for seqno 1 (Critical Response) – See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 32000ms with no response
Any idea on how to block it?