dear co-forumers. i am running a PBX for my office. it is a debian 6 32bit, with asterisk and freepbx. the precautions that i have taken to protect myself are to change the default ports:
-ssh to 39922
-apache to 39988
-sip bindport to 39960
-rtp 10000 to 20000
-openvpn server standard port
the ip address is 99.120.xx.yy and it is a vps.
apart from that i have applied iptables to allow access only to these ports.

the problem is that still i can see brute force attackers, pings of death and sipvicious access.
how can i protect myself?

...because the "Security Debian" manual, SANS, OWASP, Cisecurity, Asterisk and FreePBX documentation tell you that port obfuscation is all you need to do?