VoIP Security Exploit Demo
Our client, a Voice-Over-IP (VoIP) security appliance manufacturer, tasked us to build a VoIP security exploit demonstration. The technical details of the security exploit itself are proprietary.
This client/server system is written in C++ using UDP sockets and STL containers.
The Win32 client is a multi-threaded app with GUI.
The Unix/Linux server uses a single-threaded event-driven design (similar to boost::asio's strands concept and the lighttpd web server approach). We selected this architecture over a multi-threaded one for these reasons:
- The incoming UDP data provides its own context better than a thread of control for this particular application.
- Concurrency gives no processing gain in this case.
- This light-weight, single-threaded, event-driven approach scales better for large numbers of simultaneous clients.
Both client and server use the open-source Crypto++ library.