Versions (6)
Version Details
Current
Rev: 4 • Jul 24, 2025, 5:44 PM
ATTACK [PTsecurity] Mikrotik RouterOS unauthenticated DNS cache poisoning (CVE-2019-3978)
alert tcp any any -> any any (msg:"ATTACK [PTsecurity] Mikrotik RouterOS unauthenticated DNS cache poisoning (CVE-2019-3978)"; flow:established, to_server, no_stream; content:"M2"; offset:4; depth:2; content:"|01 00 00 08|"; content:"|07 00 FF 09 03|"; content:"|03 00 00 21|"; content:"|01 00 FF 88 01 00 0E 00 00 00|"; reference:cve, 2019-3978; reference:url, medium.com/tenable-techblog/routeros-chain-to-root-f4e0b07c0b21; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10005475; rev:4;)
Jul 24, 2025, 5:44 PM
Oct 16, 2025, 10:34 AM
rules/ptopen-attacks.rules