I just thought I would share an interesting attack against one of my servers which was running fail2ban.
The attacker used 4 different IP addresses, each scheduled to attempt a login every 5 minutes. That way they did not exceed the findtime in fail2ban, as the time to exceed a maxretry of 5 is 5x5x60 = 1500 seconds. I note the default retry for Asterisk is set to 10 retries = 3000 seconds.
To solve this issue, the findtime line in jail.local needs to be increased from the default value of 600 seconds.
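The pattern described above can be checked against candidate settings before changing jail.local. The following is an added example, not part of the original post and not fail2ban's own code: it models the per-IP findtime/maxretry window in simplified form and runs it over constructed login failures. The IP addresses (documentation ranges), the 2-hour duration, and the larger findtime values of 1800 and 3600 seconds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque


def simulate_bans(events, findtime, maxretry):
    """Return {ip: time_of_ban} for (timestamp, ip) failure events.

    Simplified model (an assumption, not fail2ban's code): an IP is banned
    once it has maxretry failures within the last findtime seconds.
    """
    recent = defaultdict(deque)
    banned = {}
    for ts, ip in sorted(events):
        if ip in banned:
            continue
        window = recent[ip]
        window.append(ts)
        # Forget failures that have aged out of the findtime window.
        while window and window[0] <= ts - findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned[ip] = ts
    return banned


def constructed_events(ips, interval, duration):
    """Constructed sample: each IP fails once every `interval` seconds."""
    return [(offset + t, ip)
            for offset, ip in enumerate(ips)  # stagger start by 1 s per IP
            for t in range(0, duration, interval)]


# Constructed addresses from the RFC 5737 documentation ranges.
IPS = ["192.0.2.10", "192.0.2.11", "198.51.100.7", "203.0.113.5"]
# Four sources, one attempt every 5 minutes each, for 2 hours (96 failures).
EVENTS = constructed_events(IPS, interval=300, duration=7200)

if __name__ == "__main__":
    for findtime, maxretry in [(600, 5), (1800, 5), (1800, 10), (3600, 10)]:
        bans = simulate_bans(EVENTS, findtime, maxretry)
        print(f"findtime={findtime:<5} maxretry={maxretry:<3} "
              f"failures={len(EVENTS)} banned={len(bans)} {bans}")
```

With findtime at 600 none of the four sources is ever banned despite 96 failed logins; the jails with a maxretry of 10 need a correspondingly longer findtime than those with 5.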