Possible Vulnerability in SoftEther
Posted: Tue Sep 01, 2020 8:36 am
Hi,
We have been running SoftEther server for a while now, installed from the AWS Marketplace. Ver 4.20, Build 9608, Intel x64 / AMD64
Last week we got an alert from AWS GuardDuty to say that the server was making DNS requests to a known malicious URL. The AWS alert was for Trojan:EC2/DropPoint!DNS.
The URL appears to be: standard.t-0001.t-msedge.net
We are not using the Azure DNS feature.
Does anyone have any idea what this request is and why it is being made?
Many thanks,
Ark