Question about Security

Started by infin8loop, March 30, 2012, 10:59:36 PM


infin8loop

Setup:
voip.ms primary account, let's call it 666666 (the devil made me do it), not registered to by any device
  subaccount-1: 666666_1, Obi#1 registers on SP2
  subaccount-2: 666666_2, Obi#2 registers on SP2

I was testing the other night which is probably incidental (coincidental even) to this issue.  I received an incoming call about the time I hung up from making a test call.  The call caught me off guard and I answered it even though it had a callerid of 666666_2 (my subaccount-2).  I was pretty sure I hadn't called myself but these digit maps make my head hurt so I wasn't 100% positive that the call wasn't from me. It wasn't. The caller (a male) said he had a long distance call for the owner of the house and asked if I was the owner of the house.  I hung up on him. The destination of the call in the voip.ms call log is 6666661 which is subaccount-1 and it came in on Obi#1. There's no activity in the voip.ms call log to indicate the bozo was actually using my account to place the call.  Seems he just spoofed the callerid in hopes of confusing me, which he kind of did.
I think the SIP URL for subaccount-1 is 6666661@realcityhere.voip.ms so I guess it would be trivial to robo-dial numbers like ######1@realcityhere.voip.ms using a spoofed callerid like ######_2.

Finally, my questions.  Is this type of shenanigans common?  How secure is the registration process to the server?  I mean, can the password be intercepted or is it encrypted?

"This has not only been fun, it's been a major expense." - Gallagher

RonR

#1
You might want to fire up a syslog server and keep it running all the time to catch any future intrusions to see exactly where they came from and how they came in.

It's possible for calls to come directly into your OBi.  The OBi accepts SIP URI calls addressed to <anything>@your_ipaddress:5060 if SP1 is configured for SIP and <anything>@your_ipaddress:5061 if SP2 is configured for SIP.

You can prevent unauthorized SIP activity by configuring:

Service Providers -> ITSP Profile x -> SIP -> X_AccessList

with a list of IP addresses authorized to communicate with that particular SPx Service.

Generally, this list contains your service provider's IP address and the IP addresses of anyone you expect to get SIP URI calls from.

I've been using this restriction for many months now and nothing has gotten through that shouldn't (I used to get all kinds of false calls from SIP scanners).
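
A sketch of the source-address check that X_AccessList is described as performing, added here as an example and not taken from the thread or from OBi firmware. The addresses and SIP messages are constructed and the comma-separated list format is an assumption. It also shows that a call relayed by the provider passes the check whatever caller ID it carries, as with the call in the first post.

```python
import ipaddress
import re

# Assumption: X_AccessList holds comma-separated IP addresses, as the post describes.
ACCESS_LIST = "203.0.113.10"           # constructed stand-in for the provider's server
SP_PORTS = {5060: "SP1", 5061: "SP2"}  # listening ports named in the post

FROM_USER = re.compile(r"^From:[^<\n]*<sips?:([^@>]+)@", re.M | re.I)

# Constructed sample traffic: (source IP, local port, head of the SIP message).
SAMPLES = [
    # SIP scanner calling <anything>@device_ip:5061 directly
    ("198.51.100.77", 5061,
     "INVITE sip:1000@192.0.2.5:5061 SIP/2.0\r\nFrom: <sip:1000@192.0.2.5>\r\n"),
    # Call relayed by the provider, caller ID set to the owner's own subaccount
    ("203.0.113.10", 5061,
     "INVITE sip:6666661@192.0.2.5:5061 SIP/2.0\r\n"
     "From: <sip:666666_2@203.0.113.10>\r\n"),
    # Malformed source address and no From header
    ("not-an-ip", 5060, "OPTIONS sip:100@192.0.2.5 SIP/2.0\r\n"),
]


def parse_access_list(text):
    """Turn 'a.b.c.d, e.f.g.h' into a set of address objects, skipping blanks."""
    return {ipaddress.ip_address(p.strip()) for p in text.split(",") if p.strip()}


def check(src, port, message, allowed):
    """Return (service, verdict, method, from_user) for one inbound request."""
    service = SP_PORTS.get(port, "unknown")
    method = message.split(" ", 1)[0]
    match = FROM_USER.search(message)
    from_user = match.group(1) if match else None
    try:
        ok = ipaddress.ip_address(src) in allowed
    except ValueError:  # unparsable source address: fail closed
        ok = False
    # The verdict depends only on the source address; From is reported, not trusted.
    return service, "accept" if ok else "drop", method, from_user


def run(samples=SAMPLES, access_list=ACCESS_LIST):
    allowed = parse_access_list(access_list)
    return [check(s, p, m, allowed) for s, p, m in samples]


if __name__ == "__main__":
    for row in run():
        print(row)
```
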

infin8loop


Service Providers -> ITSP Profile x -> SIP -> X_AccessList is/was already configured on both Obis with the voip.ms server IP address.  The inbound call definitely came through voip.ms since it's in the voip.ms call log (in addition to the obi call log). There isn't any "outbound" call in the voip.ms call log to suggest they were using my account to make the call.  This just made me concerned about the registration process to the voip.ms server.  Is the password sent during registration encrypted or can an enterprising hacker intercept it and use it to register to my account?  I suppose we'd all be hosed by now if it's not encrypted, but I have to ask.

infin8loop

I found the answer to how the registration password is handled here:

http://www.dslreports.com/forum/remark,24099487

http://www.voip-info.org/wiki/view/SIP+Authentication

Apparently my Google search terms were better today  ;D