ET EXPLOIT ARG-W4 ASDL Router DNS Changer Exploit Attempt M2

SID: 2031808Rev: 20 views
History
Sourceet/open
CreatedMarch 4, 2021
UpdatedMarch 4, 2021
Classificationattempted-admin
alert http any any -> $HOME_NET any (msg:"ET EXPLOIT ARG-W4 ASDL Router DNS Changer Exploit Attempt M2"; flow:established,to_server; http.uri; content:"/form2wan.cgi?wantype=1"; nocase; content:"&wan_dns2="; distance:0; content:"&wan_dns3="; distance:0; content:"&submit.htm"; distance:0; content:"wan.htm=send&save="; fast_pattern; distance:0; nocase; reference:url,cujo.com/dns-hijacking-attacks-on-home-routers-in-brazil/; classtype:attempted-admin; sid:2031808; rev:2; metadata:attack_target Networking_Equipment, created_at 2021_03_04, deployment Perimeter, performance_impact Moderate, confidence High, signature_severity Major, tag DNS_Hijack, updated_at 2021_03_04;)

References

urlcujo.com/dns-hijacking-attacks-on-home-routers-in-brazil/

Metadata

attack targetNetworking_Equipment
created at2021_03_04
deploymentPerimeter
performance impactModerate
confidenceHigh
signature severityMajor
tagDNS_Hijack
updated at2021_03_04

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!