Possible Vulnerability in SoftEther

Posted: Tue Sep 01, 2020 8:36 am
by arrkaye
Hi,

We have been running SoftEther server for a while now, installed from the AWS Marketplace. Ver 4.20, Build 9608, Intel x64 / AMD64

Last week we got an alert from AWS GuardDuty to say that the server was making DNS requests to a known malicious URL. The AWS alert was for Trojan:EC2/DropPoint!DNS.

The URL appears to be: standard.t-0001.t-msedge.net

We are not using the Azure DNS feature.

Does anyone have any idea what this request is and why it is being made?

Many thanks,
Ark

Re: Possible Vulnerability in SoftEther

Posted: Tue Sep 01, 2020 9:16 am
by fenice
Do you have any idea what the 'malicious URL' is? My suggestion would be to file a bug report on GitHub; you'll probably get a quicker response there.

Re: Possible Vulnerability in SoftEther

Posted: Wed Sep 02, 2020 11:38 am
by arrkaye
Yes, it was standard.t-0001.t-msedge.net

It seems to be part of the Azure CDN, so I thought it might be related to the Azure VPN feature. I have posted it on GitHub too now.

Re: Possible Vulnerability in SoftEther

Posted: Fri Sep 04, 2020 3:17 am
by cedar
VPN Azure services are not related to the Windows Azure cloud.
I think the service is hosted at University of Tsukuba and the CDN is not used.
The image on the AWS Marketplace may be a Trojan horse.