GEN:SID 1:328
Message FINGER bomb attempt
Summary This event is generated when a Denial-of-Service (DoS) attack against a finger daemon is attempted.
Impact The attacker may overload the target machine or crash the finger daemon
Detailed Information This event is generated when a specially crafted finger query is directed at a target UNIX host.

The Finger daemon is used to provide information about users on a UNIX system. It used to be installed and enabled by default on most UNIX/Linux systems. The attack will crash or overload the vulnerable machines.
Affected Systems  
Attack Scenarios The attacker needs to send specially crafted packets to the finger daemon on a host.
Ease of Attack Moderate, no exploit software is required, just a specially formatted finger query
Corrective Action Disable the finger daemon or limit the addresses that can access the service via firewall or TCP wrappers.
Additional References CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0106

Arachnids:
http://www.whitehats.com/info/IDS381
Rule References arachnids: 381
cve: 1999-0106