GEN:SID 1:624
Message SCAN SYN FIN
Summary A tcp packet with it's SYN and FIN flags set was detected.
Impact Information regarding firewall rulesets, open/closed ports, ACLs, and
possibly even OS type is possible.  This technique can also be used to
bypass certain firewalls or traffic filtering/shaping devices.
Detailed Information A tcp packet with it's SYN and FIN flags set was detected.  Most
stacks will respond with an ACK SYN indicating that the port was open,
whereas a closed port will illicit an ACK RST.  
Affected Systems  
Attack Scenarios As part of information gathering leading up to another (more directed)
attack, an attacker may attempt to figure out what ports are
open/closed on a remote machine.
Ease of Attack Intermediate.  To initiate an attack of this type, an attacker either
needs a tool that can send packets with the SYN and FIN flags set or
the ability to craft their own packets.  The former is easy, the later
requires a more advanced skillset.
Corrective Action Determine if this particular port would have responded as being open
or closed.  If open, watch for more attacks on this particular service
or from the remote machine that sent the packet.  If closed, simply
watch for more traffic from this host.
Additional References  
Rule References arachnids: 198