GEN:SID 1:629
Message SCAN nmap fingerprint attempt
Summary This event is generated when the nmap port scanner and reconnaissance
tool is used against a host.

When run with the '-O' option, it attempts to identify the remote  
operating system.
Impact Can provide useful reconnaissance information to an attacker.  Has been
known to cause a denial of service on some older  hosts.
Detailed Information nmap attempts to identify the remote operating system by looking for
different services that are common or specific to  particular operating
systems.  It also sends a variety of abnormal packets that are often
handled differently by different  operating systems so that it can
differentiate between them based on the responses.
Affected Systems All
Attack Scenarios nmap is often used before an attempt to gain access to a system.
Ease of Attack Simple
Corrective Action Block any TCP packets that have the SYN, FIN, PUSH and URGENT flags set
using a firewall.  Block only packets that have all four of the flags
set as they are individually and in other combinations necessary for
normal TCP traffic.  If you block them  individually or in other
combinations your network will not function correctly.
Additional References Arachnids:
http://www.whitehats.com/info/IDS05

Nmap scanner:
http://www.insecure.org
Rule References arachnids: 05