[Snort-users] WEB-CLIENT Content-Disposition CLSID command attempt (Sig 1:2589) on google ip ranges?

Chan, Wilson wchan at ...14702...
Tue Nov 10 15:11:44 EST 2009


Anyone have any ideas why Snort is trigger this CLSID rule on google ip
ranges?

 

==Snort Event==

http://pastebin.ca/1665359 <http://pastebin.ca/1665359> 

 

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0420

http://www.snortid.com/snortid.asp?QueryID=1:2589

 

 

These 5 ips owned by google is triggering this alert.

66.102.7.99

72.14.213.91

72.14.213.93

72.14.213.136

72.14.213.190

 

OrgName:    Google Inc.

NetRange:   72.14.192.0 - 72.14.255.255

CIDR:       72.14.192.0/18

NetRange:   66.102.0.0 - 66.102.15.255

CIDR:       66.102.0.0/20

NetName:    GOOGLE

 

 

Wilson 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20091110/3c3384f5/attachment.html>


More information about the Snort-users mailing list