I whipped up a BFD rule to try and defend against sip attacks. This watches for failed logins in the /var/log/asterisk/full log and then blocks them. I set the TRIG level low so you might need to change this to something you are more comfortable with.
Drop this file in /usr/local/bfd/rules/
Name the file asterisk
# failed logins from a single address before ban
# uncomment to override conf.bfd trig value
TRIG="5"
# file must exist for rule to be active
REQ="/usr/sbin/asterisk"
if [ -f "$REQ" ]; then
LP="/var/log/asterisk/full"
TLOG_TF="asterisk"
TMP="/usr/local/bfd/tmp"
## ASTERISK
ARG_VAL=`$TLOG_PATH $LP $TLOG_TF |grep "Wrong password" /var/log/asterisk/full | awk '{NF=NF-3} { print $NF}'| tr -d '\'\' `
fi