Hi List<br>Recently i have noticed this attack on couple of servers,<br>usually a foreign IP starts sending tons of register request without any answer to authentication,<br>if you type sip show channels in cli you will see tons of these: <br>
1.2.3.4 (None) 2389603298 00101/00001 0x0 (nothing) No Rx: REGISTER<br><br>since there is no authentication in place, asterisk does not see any failed register attempt, so there wont be anything added to log file as failed attempt. <br>
thus fail2ban wont see any activity and wont block the IP.<br>it simply brings down the internet link and the box due to too many sip channels.<br><br>