GEN:SID 1:1133
Message SCAN cybercop os probe
Summary This event is generated when the Cybercop vulnerability scanner is used
against a host.
Impact Cybercop can be used to identify vulnerabilities on host systems.
Detailed Information This particular packet is a part of Cybercop's OS identification.  
Specially crafted packets are able to elicit different responses from
different operating systems.  This packet is likely to be part of a full
Cybercop scan rather than an isolated event.
Affected Systems All
Attack Scenarios Cybercop can be used by attackers to determine vulnerabilities present
on a host or network of hosts that could be used as attack vectors.
Ease of Attack Simple
Corrective Action TCP packets with SYN, FIN and PUSH set at the same time are abnormal,
use a packet filtering firewall to block them.
Additional References Arachnids:
http://www.whitehats.com/info/IDS145
Rule References arachnids: 145