Snort mailing list archives

Unknown datagram decoding problem


From: "Secureplay" <secureplay () sbcglobal net>
Date: Sun, 26 Oct 2003 01:24:27 -0600

Can someone explain to me the "Unknown datagram decoding problem" event? Is
the problem with the decoding or with the fact that the datagram is
"unknown"?

Here's what I'm seeing: I logged about six of these. Both source and
destination addresses are valid addresses and the machines are up. 

IP
--

source addr | dest addr | Ver | Hdr Len | TOS | length | ID    | flags | offset | TTL | chksum
X.x.x.x     | y.y.y.y   | 4   | 5       | 0   | 29     | 26557 | 0     | 0      | 127 | 45539

Options: none

ICMP
----
type                        | code                 | checksum
(3) Destination Unreachable | (3) Port Unreachable | 47100

Payload
-------

length = 5

000 : 00 00 00 00 45                                    ....E

Protocol: IP, org source ip: 0.0.0.0,  org source port: 0, org.destination
ip: 0, org.destination 


The strange thing is, even though it says that it's a problem with decoding
this packet, if I click on the snort description for the event (I'm using
ACID), it shows me the description for sid 108, "BACKDOOR QAZ Worm Client Login
access".
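
The fields in the event above can be checked by hand: a total length of 29 minus the 20-byte IP header leaves a 9-byte ICMP message, so after the 8-byte ICMP header only one byte (0x45) of the original datagram is quoted. The following is an added example, not part of the original post and not Snort's decoder code; it rebuilds that packet from the reported values and measures the quoted datagram against the IP header plus 64 bits that RFC 792 specifies for ICMP errors. The source and destination addresses are constructed placeholders, since the post masks them.

```python
import struct

MIN_IP_HDR = 20    # IPv4 header without options
QUOTED_L4 = 8      # RFC 792: errors quote the IP header plus 64 bits of data

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def inspect_icmp_error(packet: bytes) -> dict:
    """Decode an IPv4 packet carrying an ICMP error and size up the quoted datagram."""
    ver_ihl, _tos, total_len = struct.unpack("!BBH", packet[:4])
    ihl = (ver_ihl & 0x0F) * 4
    icmp = packet[ihl:total_len]
    icmp_type, icmp_code, icmp_sum = struct.unpack("!BBH", icmp[:4])
    quoted = icmp[8:]          # skip type, code, checksum and the 4 unused bytes
    result = {
        "type": icmp_type, "code": icmp_code,
        "checksum_ok": inet_checksum(icmp[:2] + b"\x00\x00" + icmp[4:]) == icmp_sum,
        "quoted_len": len(quoted),
        "quoted_version": quoted[0] >> 4 if quoted else None,
        "quoted_ihl": (quoted[0] & 0x0F) * 4 if quoted else None,
    }
    # Bytes a decoder needs to read the embedded header and the original ports.
    need = (result["quoted_ihl"] or MIN_IP_HDR) + QUOTED_L4
    result["missing"] = max(0, need - len(quoted))
    result["decodable"] = result["missing"] == 0
    return result

# Constructed packet: IP and ICMP fields as reported in the event above. The
# addresses are documentation placeholders; the IP checksum is copied, not verified.
SAMPLE = (
    struct.pack("!BBHHHBBH4s4s", 0x45, 0, 29, 26557, 0, 127, 1, 45539,
                bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    + struct.pack("!BBHI", 3, 3, 47100, 0)  # Destination/Port Unreachable, 4 unused bytes
    + b"\x45"                               # the only byte of the original datagram
)

if __name__ == "__main__":
    print(inspect_icmp_error(SAMPLE))
```

The reported ICMP checksum of 47100 verifies over exactly these 9 bytes, so the message was sent this short rather than cut off in capture.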




