Rule History

SID: 2031804 • Source: et/open

Versions (4)

Version DetailsCurrent

Rev: 1 • Mar 3, 2021, 12:00 PM

Message:

ET EXPLOIT DNS Change Attempt (Unknown Device)

Rule:

alert http any any -> $HOME_NET any (msg:"ET EXPLOIT DNS Change Attempt (Unknown Device)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/advWAN.cgi"; startswith; http.request_body; content:"tAction=editApply"; content:"viewPage=multiWANCfg"; content:"action=edit"; content:"dns1="; content:"dns2="; reference:url,cujo.com/dns-hijacking-attacks-on-home-routers-in-brazil/; classtype:attempted-admin; sid:2031804; rev:1; metadata:affected_product Router, attack_target Networking_Equipment, created_at 2021_03_03, deployment Internal, performance_impact Low, confidence Medium, signature_severity Major, tag DNS_Hijack, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_03_03;)

Created:

Mar 3, 2021, 12:00 PM

Updated:

Mar 3, 2021, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

Sep 15, 2025, 9:36 PM

Filename:

rules/emerging-exploit.rules