hosted Posted July 28, 2013 Report Share Posted July 28, 2013 on a webrtc trunk, it would be nice if you could match the UserAgent or something for some level of authentication. otherwise a receptionist will be answering scanner calls all day long. Quote Link to comment Share on other sites More sharing options...
Vodia Telephone System Posted July 29, 2013 Report Share Posted July 29, 2013 I don't quite understand. It can't be from the calling side, since anyone would be allowed to call on a public website. So I don't understand where to match a user agent. If you mean to check if it is indeed from the browser then that would be useless since all javascript info is available to everyone anyway. We do check the trunk's id which is unique but again it is available. Maybe you meant something entirely different that I misunderstood. Thanks. Quote Link to comment Share on other sites More sharing options...
hosted Posted July 29, 2013 Author Report Share Posted July 29, 2013 well any sort of authetication from the webrtc client to the trunk.. what we are seeing is scanners are attempting to make calls which ring our AA then to go a hunt group and our guys are getting a lot of fake calls. cant really IP restrict the trunk.. but something to limit a legit webrtc would be nice Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted July 30, 2013 Report Share Posted July 30, 2013 You mean something like a captcha? There is already a trunk hash in the call setup, so those guys are a little bit more sophisticated than just trying WebRTC ports out. Quote Link to comment Share on other sites More sharing options...
hosted Posted July 30, 2013 Author Report Share Posted July 30, 2013 no, doing a bad job explaining.. when you create a webrtc trunk there are no IP restrictions (for the trunk). so scanners find the PBX they try to make calls (international for example) because the PBX is accepting them. But the trunk is obviously set to forward all traffic to an extension so the webrtc client can speak to a live body. problem is these scanners are generating calls that internal employees are answering. know what i mean? Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted July 30, 2013 Report Share Posted July 30, 2013 Yes I think I know what you mean. Of course if you invite a public audience you are also attracting people that are not welcome. Sooner or later there will be robots trying to make WebRTC calls, and I guess the few sites available today are their test bench. This will be a pain in the neck as we know it from email SPAM, jeopardizing the benefits of browser-based telephony. At the end of the day the question is how we can find out if the user use human or a robot. I see two possibilities here. First, we could send the call to the auto attendant, so that the user has to press a button after listening to a prompt. That is still possible for a robot, but difficult and whoever is operating the robot will find out that this does not lead to free international calls. What we could do here is randomly pick the button that needs to be pressed, so that the robot would have to really listen to the what is being said at the right time. So considering the time factor and the right button, you can reduce the risk of a SPAM call by factor 50-100 easily. The other possibility is to do the Captcha game: The system shows an image with a small riddle in it, one that is hard to solve by a robot. It does not have to be only that distorted text. It can also be more creative like telling what color an animal in the picture has. The disadvantage is that this will make the click to call feature inconvenient and people might prefer to use the traditional phone call. Quote Link to comment Share on other sites More sharing options...
hosted Posted July 30, 2013 Author Report Share Posted July 30, 2013 Captcha wont work, its not the webrtc client that is at fault. the scanner will just find the PBX directly. which is why i suggested having the snomone trunk verify the UserAgent = snomwebtrc is valid and passes the call. then a scanner who's Useragent = friendly-scanner wont match and it wont process the call. auto attendant is a good idea, but IMO as a business when someone clicks call on your web site i would rather have a live body answer the call and make the experience as easy to deal with as possible. OR maybe make the webrtc client use TCP signalling.. that would work! Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted July 31, 2013 Report Share Posted July 31, 2013 Fortunately, webrtc always uses TCP or TLS. No UDP madness. Quote Link to comment Share on other sites More sharing options...
hosted Posted August 1, 2013 Author Report Share Posted August 1, 2013 thats good! so in the trunk how can we tell it to only accept connections from TCP/TLS only so a UDP sip scanner wont be allowed.. were getting close! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.