sip security

cisco 2600 running a sip trunk

Can sip credentials be 'sniffed' over the internet? One person told me they can, another says it's impossible so I'm confused. The sip password in my router config appears as encrypted with a number '7' preceding it. Thanks for any advice.

Reply to
tg

SIP authentication is typically handled with the same algorithm as HTTP MD5 Digest authentication.

So the actual credentials are MD5 hashed, but probably aren't as secure as they could be.

The configuration space of the router isn't related to how the protocol communicates over the Internet?? But the router most likely needs to have a reversible hash in configs so it can properly do the HTTP MD5 digest authentication.

Reply to
Doug McIntyre

So does that mean it's possible to sniff sip credentials over the internet?

Reply to
tg

No. The client sends an MD5 hash of the password across the connection. The server sends a "nonce" to hash with the password, to prevent replay attacks.

Reply to
Doug McIntyre

User "tg" wrote in message news:4c225fab$0$12155$ snipped-for-privacy@news.zen.co.uk...

It's much worse: one could use your router as a toll fraud chain...

Reply to
PrzemekD

Fortunately I only have a small amount in payg credit so that's the most I could lose. But how could anyone on the WAN side 'use my router'?

Reply to
tg

Thanks for your feedback on this Doug. Have you seen this?

formatting link
Midway through the article it mentions 'SIPScan to enumerate more info'. This sounds like sip trunk sniffing, would you agree?

Reply to
tg

Here's a demo of sipscan in action. You can also download it yourself.

formatting link
SIP is a very chatty protocol.

Most people setting up a "PBX" type application of SIP usually are very lazy about security surrounding the protocol. Letting anybody connect to it. By default it will let anybody connect. What they can do beyond that is really up to how the device is set up beyond that. (And since things like Cisco gateways doing SIP offer you an infinite number of ways to configure things beyond that, many are going to be very insecure methods).

Since SIP allows two way control of things that potentially can cost you money, make sure you know who is connecting to your SIP trunks, or throw the whole thing behind a firewall, only opening up the smallest hole you need to to have it work.

It's not like HTTP which generally only allows one way flow of data down.

Reply to
Doug McIntyre

I would highly recommend that the original poster, tg, study up a bit more on the SIP protocol, hashes that don't use salts, rainbow tables, best practices for deploying SIP services. Then they may wish to decide whether their current Cisco gear is best suited for their deployment. Below are a few places to start aside from contacting the TAC, turning on SIP packet inspection, etc.

formatting link

-Gary

Reply to
Gary
