Hi,
We have been running SoftEther server for a while now, installed from the AWS Marketplace. Ver 4.20, Build 9608, Intel x64 / AMD64
Last week we got an alert from AWS GuardDuty to say that the server was making DNS requests to a known malicious URL. The AWS alert was for Trojan:EC2/DropPoint!DNS.
The URL appears to be: standard.t-0001.t-msedge.net
We are not using the Azure DNS feature.
Does anyone have any idea what this request is and why it is being made?
Many thanks,
Ark
Possible Vulnerability in SoftEther
-
- Posts: 183
- Joined: Sun Jul 19, 2015 4:23 pm
Re: Possible Vulnerability in SoftEther
Do you have any idea what the 'malicious url' is? My suggestion would be to file a bug report on GitHub; you'll probably get a quicker response there.
Regards
Bill
-
- Posts: 2
- Joined: Tue Sep 01, 2020 8:23 am
Re: Possible Vulnerability in SoftEther
Yes, it was standard.t-0001.t-msedge.net
Which seems to be part of the Azure CDN, so I thought it might be related to the Azure VPN feature. Have posted it on GitHub too now.
-
- Site Admin
- Posts: 2070
- Joined: Sat Mar 09, 2013 5:37 am
Re: Possible Vulnerability in SoftEther
VPN Azure services are not related to the Windows Azure cloud.
I think the service is hosted at University of Tsukuba and the CDN is not used.
The image on the AWS Marketplace may be a Trojan horse.