Lots of unknown extension numbers on sngrep's result

[Win]

I have completed install FusionPBX package on Debian-12 (Letsencrypt, Fail2Ban, Iptables), I also installed sngrep, I'm just wondered to see the sngrep's result as enclosed

there are lots of unknown extension numbers in the SIP From column with Method "INVITE", I saw some of those IPs are DROPPED by the Fail2ban.

looks like I have been attacked.. cmiiw, any body can give me suggestion?

 

[ardyhash]

Welcome to the internet, it's not the best of neighborhoods. You've crossed the first hurdle of installing a system, probably the easy part, now you're responsible for keeping it secure for its lifetime, that's the real challenge. If you configured everything correctly fail2ban should block those bots after enough tries and depending on your appetite for risk that may be enough but its pretty much impossible to have ports open to the internet not get knocked on, and if standard ports you can expect a fair share of free pen tests.

 

[Win]

Yes, you are totally correct @ardyhash, we treat them positive way, they do pen test for us for free

 

[wouam31]

Hi,
FusionPBX is protected by EventGuard (you can see the list and even unblock if necessary) you also have Fail2ban.
On my server I added GeoIP protection.

https://github.com/friendly-bits/geoip-shell

 

[ardyhash]

Thanks for sharing geoip-shell. It certainly can't hurt to block traffic from places where no legitimate traffic should be coming from, but do keep in mind that its not uncommon for the attempts to originate from cloud providers or other local sources. We simply shouldn't leave anything connected to the internet unpatched or unmonitored as its still pretty much the wild west out there.