GitHub repo with the FortiGate config dump IPs. If you’re on this list, you need an incident to rotate creds etc.
https://github.com/arsolutioner/fortigate-belsen-leak/blob/main/affected_ips.txt
GitHub repo with the FortiGate config dump IPs. If you’re on this list, you need an incident to rotate creds etc.
https://github.com/arsolutioner/fortigate-belsen-leak/blob/main/affected_ips.txt
@GossiTheDog Thanks for sharing this.
We just checked for our IP ranges (nothing in there) but one of my colleagues grouped the IPs in the repo by AS - funnily enough, a good number of the top few are AS from which we frequently see DDOS traffic against our services. Perhaps suggests a lack of care & maintenance on their part & that the DDOS are likely from/via compromised kit. Not a major surprise.
@tdp_org @GossiTheDog I find the absence of, e.g., 3320 in that list a bit odd.