I just got attacked by this IP. Received a hundred of simultaneous SIP calls from this IP (with different CIDs and different DID destination). When answered, they masquerade with a realcallerID "asterisk" <asterisk> They tried to hack the voicemail/password (maybe to try to identify existing extensions)? All the attack last less than 2 minutes. I did not however see any registration attempt that would have triggered fail2ban. PS: yes I allow anonymous sip call to allow inbound enum. However my anonymous sip context has some other restrictions..