Versions (3)
Version Details (Current)
Rev: 2 • Mar 4, 2021, 12:00 PM
ET EXPLOIT ARG-W4 ASDL Router DNS Changer Exploit Attempt M2
alert http any any -> $HOME_NET any (msg:"ET EXPLOIT ARG-W4 ASDL Router DNS Changer Exploit Attempt M2"; flow:established,to_server; http.uri; content:"/form2wan.cgi?wantype=1"; nocase; content:"&wan_dns2="; distance:0; content:"&wan_dns3="; distance:0; content:"&submit.htm"; distance:0; content:"wan.htm=send&save="; fast_pattern; distance:0; nocase; reference:url,cujo.com/dns-hijacking-attacks-on-home-routers-in-brazil/; classtype:attempted-admin; sid:2031808; rev:2; metadata:attack_target Networking_Equipment, created_at 2021_03_04, deployment Perimeter, performance_impact Moderate, confidence High, signature_severity Major, tag DNS_Hijack, updated_at 2021_03_04;)
Mar 4, 2021, 12:00 PM
Sep 21, 2024, 3:00 AM
rules/emerging-exploit.rules