Change default sip port from 5060 to something else for example 11333.

add the following to the file:

(Change 5060 to your new port).

Don’t forget to add the new port into Fail2Ban.

Define the new port on firewall

Disable unused rules and add a one with the new port

Reduce failed attempts

Set “alwaysauthreject=yes” in your sip configuration file in order to prevent Asterisk from telling a sip scanner which extensions are valid by rejecting authentication requests on existing usernames with the same rejection details as with nonexistent usernames. Set Allow Sip Guests to no.


Disable ## and *2
Remove Ttr and Tt

Finally check your ports:

https://www.ipfingerprints.com/portscan.php