GEN:SID 1:630
Message SCAN synscan portscan
Summary A host has scanned the network looking for vulnerable servers.
Impact Information leak, reconnaisance, preperation for automated attack such as worm propagation

Detailed Information Synscan is the scanning and vulnerability testing engines for ramen, canserserver and is included in some versions of the t0rn root kit as t0rnscan. It is a very fast syn scanner.
Affected Systems  
Attack Scenarios This is a scanning tool that is often the precursor to a worm infection.

Ease of Attack This scanner is fast and easy to use. It is readily available and was included with several worms.

Corrective Action Run flexresp with synscan kill.
Additional References  
Rule References arachnids: 441