GEN:SID 1:627
Message SCAN cybercop os SFU12 probe
Summary This event is generated when the Cybercop vulnerability scanner is used
against a host.
Impact Cybercop can be used to identify vulnerabilities on host systems.
Detailed Information This particular packet is a part of Cybercop's OS identification.  
Specially crafted packets are able to elicit different responses from
different operating systems.  This packet is likely to be part of a full
Cybercop scan rather than an isolated event. Having SYN, FIN, URG and
reserve bits 1 and 2 set at the same time is abnormal.
Affected Systems All
Attack Scenarios Cybercop can be used by attackers to determine vulnerabilities present
on a host or network of hosts that could be used as attack vectors.
Ease of Attack Simple
Corrective Action TCP packets with SYN, FIN, URG and reserved bits 1 and 2 set at the same
time are abnormal, use a packet filtering firewall to block them.
Additional References Arachnids:
http://www.whitehats.com/info/IDS150
Rule References arachnids: 150