16 million failed SIP registrations in 24 hours from 1 host

I recently stood up a Bicom PBXware virtual machine to do some testing. I noticed that there were a few thousand SIP registration failures a couple hours later as the box sat idle.

Today, I hopped on the box to begin some configuration for my testing environment and noticed the failed SIP registrations now sat at 16 million, or about 185/sec.

Investigating only from the dashboard, I noticed that they were all from the same IP address 167.x.x.255, which is a Digital Ocean IP. If I disable the PBXware Proxy service, it brings the failed SIP registrations to a screeching halt.

Tomorrow I’ll investigate this more. For now, I’ve disabled the PBXware Service from the web administration.