Change default sip port from 5060 to something else for example 11333.
add the following to the file:
(Change 5060 to your new port).
Don’t forget to add the new port into Fail2Ban.
Define the new port on firewall
Set “alwaysauthreject=yes” in your sip configuration file in order to prevent Asterisk from telling a sip scanner which extensions are valid by rejecting authentication requests on existing usernames with the same rejection details as with nonexistent usernames. Set Allow Sip Guests to no.
Finally check your ports: