Just browsing through “Asterisk™: The Definitive Guide” - ofps.oreilly.com/titles/9780596517342/ uncovers number of places where the authors suggest using type=friend for SIP device definition.
This is a very strange proposition. I asked multiple times for an example where type=friend would be necessary, e.g. viewtopic.php?t=78679 and have not seen an answer.
The problem with type=friend is it creates peer as well as user. The user part allows bruteforcing accounts in a way that fail2ban can not protect against. It also allows calls without registration.
Do yourself a favor and change all of your type=friend to type=peer. The output from
should be empty.