New idea? Audio captcha!

(Sorry for my bad English)

Sorry, maybe I am not writing to the right address; if so, please tell me where to send my message correctly. Thank you.

I do not know whether it is a new idea or whether it has already existed for a long time. I would like to propose implementing an audio captcha in the Asterisk server. That is, if anyone wants to call, before connecting them, a human voice on the phone asks them to press the numbers 2.1, to make sure that he is a man.

In my opinion, it would nullify the attempts to hack the server.

Thank you!

I do not see any security (or other) benefits in that. Usually an attack on the phone system comes from another vector (i.e. SIP signalling hacks or calls to misconfigured DIDs that allow calls to the outside world).

But if you want to do it, you can do it with Asterisk. The Asterisk dialplan code will be the same as for any IVR (I do not see any big difference in dialplan logic between the two cases).

The only sort of abuse that it might be even vaguely useful for is people who dump fast spoken sales pitches onto answering machines. The level of countermeasures for such people is not high enough for them to try to work around even very primitive defences.

(For me, they are mainly related to Disneyland, although I’m recently getting ones offering to sell me a service to fill in a simple claim form for 25% of the compensation awarded (PPI mis-selling), but those may be the result of faulty answering machine detection.)

As you’ve been told already, the real hacking problem uses automation at a stage of the call when there is no media connection. If they have got a media connection, they can put a human onto it.

Example 1:
Big office with computers running Windows; viruses penetrate the client computers and begin to automatically make calls to a specific address to withdraw money.

Example 2:
They begin to distribute calls through your PBX China, and the client from Africa, when dialing, is asked for a codeword (a set of numbers) in Chinese.


Oh, I get it now, you want to authenticate on outgoing calls. That makes more sense than doing authentication on incoming calls :smile:

Still, the logic is the same as I described in my first answer. If you have any problems during your implementation, feel free to ask.
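
An added example, not written by any poster in this thread: an extensions.conf context that speaks a random two-digit code on outgoing calls and dials only if the caller keys it back, using the same Read-and-compare logic as an IVR. The context name `outbound-challenge`, the `_00X.` pattern, the `custom/captcha-intro` prompt and the `trunk-out` endpoint are assumptions.

```ini
; extensions.conf -- constructed example, not from the thread.
; Assumed names: context [outbound-challenge], pattern _00X.,
; prompt custom/captcha-intro (a recording you supply), endpoint trunk-out.
[outbound-challenge]
exten => _00X.,1,Answer()
 same => n,Set(TRIES=0)
 ; New random two-digit code on every attempt, so a replayed DTMF string fails
 same => n(challenge),Set(CODE=${RAND(10,99)})
 same => n,Playback(custom/captcha-intro)
 same => n,SayDigits(${CODE})
 ; Read up to 2 digits after a beep, one attempt, 5 second timeout
 same => n,Read(ENTERED,beep,2,,1,5)
 same => n,GotoIf($["${ENTERED}" = "${CODE}"]?pass)
 same => n,Set(TRIES=$[${TRIES} + 1])
 ; Log failures with the calling extension so repeated misses show up in review
 same => n,Log(WARNING,Challenge failed ${TRIES}/3 for ${CALLERID(num)} dialing ${EXTEN})
 same => n,GotoIf($[${TRIES} < 3]?challenge)
 same => n,Playback(vm-goodbye)
 same => n,Hangup()
 same => n(pass),Dial(PJSIP/${EXTEN}@trunk-out,60)
 same => n,Hangup()
```

As the replies in this thread point out, a check like this only covers calls that reach the dialplan with a media path; it does not address SIP signalling attacks or misconfigured DIDs.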


This is really just glorified account codes. What you are proposing is easily done, but just as easily cracked, for example using Google's speech recognition and translate API. It would make it less secure than traditional account codes.