Is someone trying to access our IP-PBX?

Solution 1:

Since I've been answering the question in the comments I figured it was more appropriate to put it here:

It's not unusual for your PBX (or any service) to get probed by bots/hackers/whatever out there when you are internet facing... This happens with web servers, SSH, SMTP, etc... all the time. As long as you are open to the Internet without restriction, you'll keep seeing stuff like this.

I don't use res_pjsip but it sounds like you're getting call attempts to destinations that don't exist. Look at your other logs, enable debugging, or enable debugging on the console to see what these requests are for if you want to know.

At one point I personally was getting attempts to call Lebanon many times a day every day (that never went through). I've also had people attempt to call every internal extension (some went through!)...

So, if this bothers you, lock it down. Use SSL, restrict connections by IP, don't use numbers for your SIP accounts, maybe use a VPN. Whatever works. If you must leave it wide open to the Internet, make sure things are configured very securely and these attempts will go nowhere. Just like attempts to compromise servers via HTTP/SMTP go nowhere when the servers are configured securely.

As for your last question, I don't know why IPs aren't getting blocked after several failed attempts. Are they supposed to?
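An added example, not part of the answer above: one way to see from the Asterisk log which source addresses are producing the failed requests, and whether any of them crosses a "several failures in a short time" threshold. The sample lines are constructed in the style of Asterisk's res_pjsip and chan_sip NOTICE messages with documentation IP addresses; the `YYYY-MM-DD HH:MM:SS` timestamp format, the function name and the threshold and window values are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from the original post), in chronological order.
SAMPLE_LOG = """\
[2024-01-15 10:00:00] NOTICE[1234] res_pjsip/pjsip_distributor.c: Request 'INVITE' from '"a" <sip:a@192.0.2.10>' failed for '203.0.113.50:5060' (callid: c0) - No matching endpoint found
[2024-01-15 10:00:01] NOTICE[1234] res_pjsip/pjsip_distributor.c: Request 'INVITE' from '"100" <sip:100@192.0.2.10>' failed for '198.51.100.7:5060' (callid: c1) - No matching endpoint found
[2024-01-15 10:00:05] NOTICE[1234] res_pjsip/pjsip_distributor.c: Request 'INVITE' from '"101" <sip:101@192.0.2.10>' failed for '198.51.100.7:5060' (callid: c2) - No matching endpoint found
[2024-01-15 10:00:07] VERBOSE[1234] pbx.c: Executing [s@default:1] Answer()
[2024-01-15 10:00:09] NOTICE[1234] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"102" <sip:102@192.0.2.10>' failed for '198.51.100.7:5060' (callid: c3) - No matching endpoint found
[2024-01-15 10:00:20] NOTICE[1234] chan_sip.c: Registration from '"103" <sip:103@192.0.2.10>' failed for '198.51.100.7:5060' - Wrong password
[2024-01-15 10:05:00] NOTICE[1234] res_pjsip/pjsip_distributor.c: Request 'INVITE' from '"b" <sip:b@192.0.2.10>' failed for '203.0.113.50:5060' (callid: c4) - No matching endpoint found
[2024-01-15 10:10:00] NOTICE[1234] res_pjsip/pjsip_distributor.c: Request 'INVITE' from '"c" <sip:c@192.0.2.10>' failed for '203.0.113.50:5060' (callid: c5) - No matching endpoint found
"""

# Matches both driver styles; IPv4 sources only in this sketch.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] NOTICE\S* .*"
    r"(?:Request '\w+'|Registration) from .* failed for '(?P<ip>[0-9.]+):\d+'"
)

def find_probers(log_text, threshold=3, window=timedelta(minutes=1)):
    """Return {source_ip: peak failure count} for every IP that reached
    `threshold` failed requests inside any sliding `window`."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # not a failed-request line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window: # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged

if __name__ == "__main__":
    for ip, peak in find_probers(SAMPLE_LOG).items():
        print(f"{ip}: {peak} failed requests within one minute")
```

With the default one-minute window only 198.51.100.7 is reported; the slower source at 203.0.113.50 stays under the threshold, which is one reason a prober may never trip a failure-count block.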

Solution 2:

A lot of people think a firewall is a security system for a PBX. It's not. If you forward SIP and RTP into your PBX through your firewall, then your firewall is only acting as a router (from the perspective of VoIP). There is no checking of valid users, devices, geographic locations, dialing patterns, user behaviours, etc.

Setting up basic security for Asterisk is essential - there are weaknesses in Asterisk/SIP that get exploited, and even more in the configuration generators (Elastix/FreePBX/etc). For example, a weakness in the FreePBX GUI last year allowed attackers to rewrite dialplans allowing them to call anyone, anytime, etc. (and the corresponding $100k+ phone bills that you are responsible for). Again, a firewall does nothing for you in this case. For fun, Google $400k Asterisk PBX fraud in one weekend and watch the video (an Astricon presentation)!

Take a look at Voip Info for a good intro to securing your PBX (These are facts - the reality of VoIP security - not an opinion/perspective).

If this is a small installation (which I suspect it is), install the free version of SecAst to secure your PBX.