Quoting upstream advisory AST-2009-007:
A missing ACL check for handling SIP INVITEs allows a device to make calls
on networks intended to be prohibited as defined by the "deny" and "permit"
lines in sip.conf. The ACL check for handling SIP registrations was not
Affects all 1.6.1 versions, fixed in 220.127.116.11
asterisk-18.104.22.168-1.fc11 has been submitted as an update for Fedora 11.
asterisk-22.214.171.124-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.