Santosh Pandit beatquantum
crypto-cypher
/ fortinet_victim_list_2021.txt
Last active
February 7, 2023 23:46
Fortinet Victim List - "Hackers leak passwords for 500,000 Fortinet VPN accounts" #TrackThePlanet
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ##### COURTESY | |
| # @CuratedIntel | |
| # https://curatedintel.org | |
| ##### BACKGROUND | |
| # Initally shared on RAMP ransomware forum | |
| # Last shared on Groove ransomware extortion website | |
| # Publicized by Bleeping Computer, which led to this post being issued to help blue teamers | |
| # https://www.bleepingcomputer.com/news/security/hackers-leak-passwords-for-500-000-fortinet-vpn-accounts/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### 1: Drop invalid packets ### | |
| /sbin/iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP | |
| ### 2: Drop TCP packets that are new and are not SYN ### | |
| /sbin/iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP | |
| ### 3: Drop SYN packets with suspicious MSS value ### | |
| /sbin/iptables -t mangle -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP | |
| ### 4: Block packets with bogus TCP flags ### |