Call Graph Shows Supplemental Call Legs

[xodious]

Is there a way to tell what registrations, calls or attempts are being handled by Vodia that the System Resources graph would count as a call leg, while the call log wouldn't? 

For example, /reg_callog.htm at the administrator level doesn't show calls between 2 and 3 AM, but the System Resources -> Calls Graph may show a high number of Call Legs. (6-40 for example.) 

[Vodia PBX]

That would be a scenario where something fishy was going on - for example a device was trying to start a call but could not get past the authentication phase. If the IP address of the source was blacklisted because of this the admin would get an email notification about this (important) event. 

[xodious]

It appears to be so... https://github.com/EnableSecurity/sipvicious 

I open the PBX with this issue to the world and it only blocks attempts like this for an hour for each attacking IP address.
Are there changes that one would suggest? I have clients that roam around non static IP space. 

[Vodia PBX]

There is a list of SIP User agents that are rejected - this should include SipVicious.

Another simple thing you can do is to give the PBX a real domain name (not "localhost") and then block any request that does not match the domain name. This is a little bit like a password that can very effectively block such attempts. This makes a lot of sense if you are on public IP.