[VOIPSEC] Blocking PING and getting REGISTER message

Gilbert Lee gilgil1973 at gmail.com
Fri Dec 5 17:35:36 CST 2008


Hi, all. I just have a simple question. What do you think about "Blocking
PING packet of VoIP client"?
Most VoIP clients adopt a keep-alive algorithm to keep the connection with the SIP
proxy (sending and receiving PING messages periodically).

An attacker would like to get the VoIP client's SIP message including the
authentication value (MD5 or plain),
but unless the VoIP client reboots (REGISTER) or makes a call (INVITE), it never
sends the authentication value through the network.

For the attacker to acquire the victim's SIP authentication value, suppose the
following scenario.

1. The attacker is in the middle of the network between the VoIP client and the VoIP proxy.
2. The attacker blocks only PING packets while other packets are routed in a
normal way.
3. If the PING packet is blocked, the VoIP client should think that the network is
disconnected, and it tries to reconnect.
4. In the reconnecting procedure, the VoIP client is asked to send a REGISTER
message again to the SIP proxy.
5. In this way, the attacker can get the REGISTER authentication value without
touching the VoIP client with his hand.

I've figured out that the PING message syntax of most clients I've ever
tested is very simple.
Of course, if the authentication message is encrypted with MD5 and the password is
long enough, it is hard for the attacker to hack the original password.

Anyway, do you have any idea, solution or mechanism that enables you to detect
and prevent an attack like this?
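
One way a proxy-side monitor could flag the pattern asked about above, as an added example that is not part of the original post: it alerts on a REGISTER that arrives well before the previous binding expires when keep-alives had stopped but other packets from the same client kept arriving. The event tuples, the `KEEPALIVE`/`OTHER` classification, the thresholds and the sample addresses are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed values; tune to the deployment's real keep-alive period and Expires.
KEEPALIVE_INTERVAL = 30   # seconds between client keep-alives
MISSED_THRESHOLD = 3      # missed intervals before keep-alives count as lost
EARLY_FRACTION = 0.5      # REGISTER before this share of Expires is "early"

@dataclass
class ClientState:
    last_register: Optional[float] = None
    expires: int = 0
    last_keepalive: Optional[float] = None
    other_while_overdue: int = 0   # non-keep-alive packets seen during the gap

def find_forced_reregistrations(events):
    """events: (ts, aor, kind, expires) tuples, kind in KEEPALIVE/OTHER/REGISTER.
    Returns (ts, aor) for each REGISTER that looks provoked by selective loss."""
    state, alerts = {}, []
    for ts, aor, kind, expires in sorted(events):
        st = state.setdefault(aor, ClientState())
        if kind == "KEEPALIVE":
            st.last_keepalive, st.other_while_overdue = ts, 0
        elif kind == "OTHER":
            overdue = MISSED_THRESHOLD * KEEPALIVE_INTERVAL
            if st.last_keepalive is not None and ts - st.last_keepalive > overdue:
                st.other_while_overdue += 1
        elif kind == "REGISTER":
            if st.last_register is not None:
                early = ts - st.last_register < EARLY_FRACTION * st.expires
                # A reboot or real outage silences everything; only selective
                # loss leaves other traffic flowing while keep-alives are gone.
                if early and st.other_while_overdue > 0:
                    alerts.append((ts, aor))
            st.last_register, st.expires = ts, expires
            st.last_keepalive, st.other_while_overdue = ts, 0
    return alerts

# Constructed sample: A loses only keep-alives, B reboots, C refreshes on time.
A, B, C = "sip:alice@example.test", "sip:bob@example.test", "sip:carol@example.test"
SAMPLE_EVENTS = (
    [(0, A, "REGISTER", 3600)] + [(t, A, "KEEPALIVE", 0) for t in (30, 60, 90)]
    + [(200, A, "OTHER", 0), (250, A, "OTHER", 0), (260, A, "REGISTER", 3600)]
    + [(0, B, "REGISTER", 3600), (30, B, "KEEPALIVE", 0), (400, B, "REGISTER", 3600)]
    + [(0, C, "REGISTER", 600)] + [(t, C, "KEEPALIVE", 0) for t in range(30, 301, 30)]
    + [(100, C, "OTHER", 0), (310, C, "REGISTER", 600)]
)

if __name__ == "__main__":
    print(find_forced_reregistrations(SAMPLE_EVENTS))
```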


