GEN:SID 1:469
Message ICMP PING NMAP
Summary This event is generated when an ICMP ping typically generated by nmap is detected.
Impact This could indicate a full scan by nmap which is sometimes indicative of
potentially malicious behavior.
Detailed Information Nmap's ICMP ping, by default, sends zero data as part of the ping.
Nmap typically pings the host via icmp if the user has root
privileges, and uses a tcp-ping otherwise.  
Affected Systems  
Attack Scenarios As part of an information gathering attempt, an attacker may use nmap
to see what hosts are alive on a given network.  If nmap is used for
portscanning as root, the icmp ping will occur by default unless the
user specifies otherwise (via '-P0').
Ease of Attack Trivial.  Nmap requires little or no skill to operate.
Corrective Action If you detect other suspicous traffic from this host (i.e., a
portscan), follow standard procedure to assess what threat this may
pose.  If you only detect the icmp ping, this may have simply been a
'ping sweep' and may be ignored.
Additional References www.insecure.org

Rule References arachnids: 162