GEN:SID 1:433
Message ICMP Photuris undefined code!
Summary This event is generated when a host generates and ICMP Type 40 datagram with an undefined ICMP Code.
Impact ICMP Type 40 datagrams are an indication that a received datagram failed a integrity check for a given SPI.  Normally this is an indication that hosts using IP Security Protocols such as AH or ESP have been configured incorrectly or are failing to establish a session with another host.
Detailed Information Hosts using IP Security Protocols such as AH or ESP generate ICMP Type 40 datagrams when a failure condition occurs.  ICMP Type 40 datagrams are generated when a received datagram fails an integrity check for a given SPI (Security Parameters Index).  ICMP Type 40 datagrams should never be generated with an undefined ICMP Code, this could be an indication of nefarious network activity.
Affected Systems  
Attack Scenarios None known
Ease of Attack Numerous tools and scripts can generate this type of ICMP datagram.
Corrective Action ICMP Type 40 datagrams not normally seen on the network.  Currently Sourcefire is unaware of any hardware that has implemented these types of ICMP datagrams.  Hosts generating these types of ICMP datagrams should be investigated for nefarious activity or configuration errors.
Additional References RFC2521