Signature Detail

APP: Packetix VPN Connection

This signature detects connections to a Packetix VPN Server, the sucessor to SoftEther. Packetix is commonly used to tunnel peer-to-peer file sharing applications in Japan and other Asian countries using SSL encryption. It is not commonly used in the Americas or Europe. Due to the considerable performance impact this signature can impose, use this signature only if you suspect Packetix activity on your network.

Extended Description

An attacker through a compromised VPN client may be able to connect to the VPN server. This would allow attacker to execute arbitrary commands or perform other malicious operations with the privileges of the VPN client user. By transferring malicious files via a Packetix protected file sharing service, the attacker may compromise systems on a network.

References

• URL: http://en.wikipedia.org/wiki/Softether
• URL: http://www.softether.com/jp/