Possible Vulnerability in SoftEther

arrkaye
Posts: 2
Joined: Tue Sep 01, 2020 8:23 am

Possible Vulnerability in SoftEther

Post by arrkaye » Tue Sep 01, 2020 8:36 am

Hi,

We have been running SoftEther server for a while now, installed from the AWS Marketplace. Ver 4.20, Build 9608, Intel x64 / AMD64

Last week we got an alert from AWS GuardDuty to say that the server was making DNS requests to a known malicious URL. The AWS alert was for Trojan:EC2/DropPoint!DNS.

The URL appears to be: standard.t-0001.t-msedge.net

We are not using the Azure DNS feature.

Does anyone have any idea what this request is and why it is being made?

Many thanks,
Ark

fenice
Posts: 167
Joined: Sun Jul 19, 2015 4:23 pm

Re: Possible Vulnerability in SoftEther

Post by fenice » Tue Sep 01, 2020 9:16 am

Do you have any idea what the 'malicious URL' is? My suggestion would be to file a bug report on GitHub; you'll probably get a quicker response there.
Regards


Bill

arrkaye
Posts: 2
Joined: Tue Sep 01, 2020 8:23 am

Re: Possible Vulnerability in SoftEther

Post by arrkaye » Wed Sep 02, 2020 11:38 am

Yes, it was standard.t-0001.t-msedge.net

Which seems to be part of the Azure CDN, so I thought it might be related to the Azure VPN feature. Have posted it on GitHub too now.

cedar
Site Admin
Posts: 1406
Joined: Sat Mar 09, 2013 5:37 am

Re: Possible Vulnerability in SoftEther

Post by cedar » Fri Sep 04, 2020 3:17 am

VPN Azure services are not related to the Windows Azure cloud.
I think the service is hosted at the University of Tsukuba and the CDN is not used.
The image on the AWS Marketplace may be a Trojan horse.
