Your firewall probably doesn't apply it to the "self" context, so it blocks traffic through the device but not to the device. Firewalling these attackers individually doesn't scale very well.
Create a standard access-list sip-access. Include in it the IPs of the external SIP servers of your provider(s) as well as any internal subnets with SIP phones.
Apply it to the SIP process.
    ip access-list standard sip-access
    permit 192.168.2.0 0.0.0.255 ! internal phone subnet
    permit host 192.0.2.33 ! Provider's SIP server
    sip access-class ip "sip-access" in
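An added example, not part of the original answer: a small offline check of which source addresses the ACL above would admit before it is applied to the SIP process. It assumes the usual standard-ACL semantics (wildcard masks, first match wins, implicit deny at the end); the function names and the test source addresses are constructed for illustration.

```python
import ipaddress

# ACL body copied from the answer above; trailing "!" comments are stripped by the parser.
ACL_TEXT = """\
ip access-list standard sip-access
permit 192.168.2.0 0.0.0.255 ! internal phone subnet
permit host 192.0.2.33 ! Provider's SIP server
"""

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_standard_acl(text):
    """Return (action, base, wildcard) tuples in configured order."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("!", 1)[0].split()
        if not line or line[0] not in ("permit", "deny"):
            continue  # header line, blank line or comment
        action, args = line[0], line[1:]
        if args == ["any"]:
            base, wild = 0, 0xFFFFFFFF
        elif len(args) == 2 and args[0] == "host":
            base, wild = _ip(args[1]), 0
        elif len(args) == 2:
            base, wild = _ip(args[0]), _ip(args[1])
        else:
            raise ValueError(f"unsupported ACL entry: {raw!r}")
        rules.append((action, base, wild))
    return rules

def evaluate(rules, source):
    """First match wins; a source matching no entry hits the implicit deny (assumed)."""
    addr = _ip(source)
    for action, base, wild in rules:
        # Wildcard bits set to 1 are "don't care"; every other bit must match.
        if ((addr ^ base) & ~wild & 0xFFFFFFFF) == 0:
            return action
    return "deny"

RULES = parse_standard_acl(ACL_TEXT)

if __name__ == "__main__":
    # Constructed sample sources: a phone, the provider, and two unlisted hosts.
    for src in ("192.168.2.57", "192.0.2.33", "192.0.2.34", "203.0.113.10"):
        print(f"{src:15} -> {evaluate(RULES, src)}")
```

Running every phone subnet and provider address through this first shows whether any legitimate source would fall through to the implicit deny once the access-class is in place.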