I have servers getting slammed with sip brute force attacks on a daily basis now from just a few times a week a few months ago. This isn't much of a problem except that lately we've been getting slammed faster and faster. We have fail2ban running and set to 20 attempts before banning. The attacks happen so fast that about 10,000-14,000 attempts go through before it gets banned. This hasn't run us into any issues with server load or bandwidth but this is a just a general question as to if this is a norm in the industry? We have a Tier 1 backbone now and I was thinking that's just what caused the rise in hack attempts.
Does anyone who works for a communications company have similar hack attempts and if so are there any recommendations you could share?
Thanks in advance!