🐾 - 🚨 Possible Fortinet VPN Client 🧱 for 🪟 Windows establishing external connection (api.ipify.org lookup public IP address + ja3 identified)

SID: 3321277Rev: 27 views
History
Sourcepawpatrules
CreatedJune 4, 2024
UpdatedFebruary 13, 2025
Classificationpolicy-violation
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"🐾 - 🚨 Possible Fortinet VPN Client 🧱 for 🪟 Windows establishing external connection (api.ipify.org lookup public IP address + ja3 identified)"; flow:to_server, stateless; threshold:type limit, track by_src,count 1, seconds 3600; tls_sni; content:"api.ipify.org"; ssl_version:tls1.3; ja3.hash; content:"bc29aa426fc99c0be1b9be941869f88a"; fast_pattern; metadata:created_at 2024_06_04, updated_at 2025_02_13; sid:3321277; rev:2; classtype:policy-violation;)

Metadata

created at2024_06_04
updated at2025_02_13

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!