Setup:
voip.ms primary account, let's call it 666666 (the devil made me do it) not registered to by any device
subaccount-1 666666_1 Obi#1 registers on SP2
subaccount-2 666666_2 Obi#2 registers on SP2
I was testing the other night which is probably incidental (coincidental even) to this issue. I received an incoming call about the time I hung up from making a test call. The call caught me off guard and I answered it even though it had a callerid of 666666_2 (my subaccount-2). I was pretty sure I hadn't called myself but these digit maps make my head hurt so I wasn't 100% positive that the call wasn't from me. It wasn't. The caller (a male) said he had a long distance call for the owner of the house and asked if I was the owner of the house. I hung up on him. The destination of the call in the
voip.ms call log is 6666661 which is subaccount-1 and it came in on Obi#1. There's no activity in the
voip.ms call log to indicate the bozo was actually using my account to place the call. Seems he just spoofed the callerid in hopes of confusing me, which he kind of did.
I think the SIP URL for subaccount-1 is
6666661@realcityhere.voip.ms so I guess it would be trivial to robo-dial
numbers like ######1@realcityhere.voip.ms using a spoofed callerid like ######_2.
Finally, my questions. Is this type of shenanigans common? How secure is the registration process to the server? I mean, can the password be intercepted or is it encrypted?