Jump to content

webrtc suggestion


Recommended Posts

I don't quite understand.


It can't be from the calling side, since anyone would be allowed to call on a public website.


So I don't understand where to match a user agent. If you mean to check if it is indeed from the browser then that would be useless since all javascript info is available to everyone anyway. We do check the trunk's id which is unique but again it is available.


Maybe you meant something entirely different that I misunderstood.



Link to comment
Share on other sites

well any sort of authetication from the webrtc client to the trunk..


what we are seeing is scanners are attempting to make calls which ring our AA then to go a hunt group and our guys are getting a lot of fake calls.


cant really IP restrict the trunk.. but something to limit a legit webrtc would be nice :)

Link to comment
Share on other sites

no, doing a bad job explaining..


when you create a webrtc trunk there are no IP restrictions (for the trunk). so scanners find the PBX they try to make calls (international for example) because the PBX is accepting them.


But the trunk is obviously set to forward all traffic to an extension so the webrtc client can speak to a live body.


problem is these scanners are generating calls that internal employees are answering. know what i mean?

Link to comment
Share on other sites

Yes I think I know what you mean. Of course if you invite a public audience you are also attracting people that are not welcome. Sooner or later there will be robots trying to make WebRTC calls, and I guess the few sites available today are their test bench. This will be a pain in the neck as we know it from email SPAM, jeopardizing the benefits of browser-based telephony. At the end of the day the question is how we can find out if the user use human or a robot.


I see two possibilities here. First, we could send the call to the auto attendant, so that the user has to press a button after listening to a prompt. That is still possible for a robot, but difficult and whoever is operating the robot will find out that this does not lead to free international calls. What we could do here is randomly pick the button that needs to be pressed, so that the robot would have to really listen to the what is being said at the right time. So considering the time factor and the right button, you can reduce the risk of a SPAM call by factor 50-100 easily.


The other possibility is to do the Captcha game: The system shows an image with a small riddle in it, one that is hard to solve by a robot. It does not have to be only that distorted text. It can also be more creative like telling what color an animal in the picture has. The disadvantage is that this will make the click to call feature inconvenient and people might prefer to use the traditional phone call.

Link to comment
Share on other sites

Captcha wont work, its not the webrtc client that is at fault. the scanner will just find the PBX directly.


which is why i suggested having the snomone trunk verify the UserAgent = snomwebtrc is valid and passes the call.


then a scanner who's Useragent = friendly-scanner wont match and it wont process the call.


auto attendant is a good idea, but IMO as a business when someone clicks call on your web site i would rather have a live body answer the call and make the experience as easy to deal with as possible.


OR maybe make the webrtc client use TCP signalling.. that would work!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...