In the System Log I see messages like:
chan_sip.c: Bad authentication received from 'sip:firstname.lastname@example.org:5060'
Is it possible to see the IP address from where the registration attempts are being made?
It seems some old account info, but I can't recall from where or what.
Yes, enable SIP Trace in there. The IP address will be shown in P-src-ip field of the packets.