Can SIP credentials be 'sniffed' over the internet? One person told me they can, another says it's impossible, so I'm confused. The SIP password in my router config appears as encrypted with a number '7' preceding it. Thanks for any advice.
SIP authentication is typically handled with the same algorithm as HTTP MD5 Digest authentication.
So the actual credentials are MD5 hashed, but probably aren't as secure as they could be.
The configuration space of the router isn't related to how the protocol communicates over the Internet? But the router most likely needs to have a reversible hash in configs so it can properly do the HTTP MD5 digest authentication.
Here's a demo of sipscan in action. You can also download it yourself.
SIP is a very chatty protocol.
Most people setting up a "PBX" type application of SIP usually are very lazy about security surrounding the protocol. Letting anybody connect to it. By default it will let anybody connect. What they can do beyond that is really up to how the device is set up beyond that. (And since things like Cisco gateways doing SIP offer you an infinite number of ways to configure things beyond that, many are going to be very insecure methods).
Since SIP allows two way control of things that potentially can cost you money, make sure you know who is connecting to your SIP trunks, or throw the whole thing behind a firewall, only opening up the smallest hole you need to have it work.
It's not like HTTP which generally only allows one way flow of data down.
I would highly recommend that the original poster, tg, study up a bit more on the SIP protocol, hashes that don't use salts, rainbow tables, and best practices for deploying SIP services. Then they may wish to decide whether their current Cisco gear is best suited for their deployment. Below are a few places to start aside from contacting the TAC, turning on SIP packet inspection, etc.
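
The digest calculation the answers refer to, as an added example that is not from any poster in this thread: it follows RFC 2617 as reused by SIP and shows what crosses the wire and what the registrar checks. The account name, realm, nonce and password are constructed sample values.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(username: str, realm: str, password: str) -> str:
    """Value a registrar can store instead of the cleartext password."""
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1_hex, method, uri, nonce, qop=None, nc=None, cnonce=None):
    """RFC 2617 'response' field; SIP reuses it with SIP methods and URIs."""
    ha2 = md5_hex(f"{method}:{uri}")
    if qop == "auth":
        return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")


def registrar_accepts(stored_ha1, method, auth):
    """Server side: recompute from the stored HA1, compare in constant time."""
    expected = digest_response(stored_ha1, method, auth["uri"], auth["nonce"],
                               auth.get("qop"), auth.get("nc"), auth.get("cnonce"))
    return hmac.compare_digest(expected, auth["response"])


# Constructed sample: fields of the Authorization header in a REGISTER.
# Without TLS, every value in this dict is readable by anyone on the path.
SAMPLE_AUTH = {
    "username": "alice", "realm": "pbx.example.test",
    "nonce": "5f2a9c01", "uri": "sip:pbx.example.test",
}
SAMPLE_PASSWORD = "constructed-sample-secret"  # never sent on the wire
STORED_HA1 = ha1(SAMPLE_AUTH["username"], SAMPLE_AUTH["realm"], SAMPLE_PASSWORD)
SAMPLE_AUTH["response"] = digest_response(
    STORED_HA1, "REGISTER", SAMPLE_AUTH["uri"], SAMPLE_AUTH["nonce"])

if __name__ == "__main__":
    print("response on the wire:", SAMPLE_AUTH["response"])
    print("registrar accepts:", registrar_accepts(STORED_HA1, "REGISTER", SAMPLE_AUTH))
```

The password itself is never transmitted, but every other input to the hash is, so the protection rests on the password's strength unless the signalling runs over TLS.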