APP: Packetix VPN Connection
This signature detects connections to a Packetix VPN Server, the sucessor to SoftEther. Packetix is commonly used to tunnel peer-to-peer file sharing applications in Japan and other Asian countries using SSL encryption. It is not commonly used in the Americas or Europe. Due to the considerable performance impact this signature can impose, use this signature only if you suspect Packetix activity on your network.
Extended Description
An attacker through a compromised VPN client may be able to connect to the VPN server. This would allow attacker to execute arbitrary commands or perform other malicious operations with the privileges of the VPN client user. By transferring malicious files via a Packetix protected file sharing service, the attacker may compromise systems on a network.
References
URL: http://en.wikipedia.org/wiki/Softether http://www.softether.com/jp/
Short Name
APP:TUN:PACKETIX-VPN-CONNECT
Severity
Info
Recommended
False
Recommended Action
None
Category
APP
Keywords
Connection Packetix VPN
Release Date
09/26/2006
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Rarely