Subject: [Snort-sigs] False +ve for BLEEDING-EDGE EXPLOIT mIRC <=6.12 DCC Buffer Overflow sid:2000329
Date: Thu, 19 May 2005 11:13:48 +1200
I'm seeing lots of these; they are also triggering (correctly) the iroffer alert.

R


META
--------
SID     CID     TimeStamp               Signature
3       3707243 2005-05-18 12:31:08     BLEEDING-EDGE EXPLOIT mIRC <=6.12 DCC Buffer Overflow
Sig ID
2000329

Sensor Hostname                         Sensor Interface
hihi.itss       eth1

IP
--------
Source Address  Dest Address    Ver     Hdr Len
66.252.1.215    130.216.1.33    4       5
TOS     length  ID      flags   offset  TTL     chksum
0       656     50768   2       0       54      45899

Resolved Source
66.252.1.215.hipnotic.org

Resolved Dest
railcamp-fw.net.auckland.ac.nz 

TCP
--------
Source Port     Dest Port       Seq             Ack             
6667            2387            718579870       4294267129
Offset  Reserved        Flags   Window  Checksum        Urgent Ptr
5       0               24      5178    25891           0

Options
--------
None


Flags
--------
RB 1    RB 0    URG     ACK     PSH     RST     SYN     FIN
                        X       X                               

DATA
--------
:TMD-XDCC-GuardianAngels228!~TMD@1a358005.ec7593a.eastlink.c
a PRIVMSG #TMD-MOVIEZ :.**. 2 packs .**.  1 of 2 slots open,
 Record: 61.0KiB/s..:TMD-XDCC-GuardianAngels228!~TMD@1a35800
5.ec7593a.eastlink.ca PRIVMSG #TMD-MOVIEZ :.**. Bandwidth Us
age .**. Current: 15.9KiB/s, Record: 94.1KiB/s..:TMD-XDCC-Gu
ardianAngels228!~TMD@1a358005.ec7593a.eastlink.ca PRIVMSG #T
MD-MOVIEZ :.**. To request a file type: "/msg TMD-XDCC-Guard
ianAngels228 xdcc send #x" .**...:TMD-XDCC-GuardianAngels228
!~TMD@1a358005.ec7593a.eastlink.ca PRIVMSG #TMD-MOVIEZ :.#1 
. 257x [191M] .09 [TMD]Eloise.At.Christmastime.(UnKnown).DVD
Rip.(1of2).avi..
