GEN:SID 1:331
Message FINGER cybercop query
Summary This is an intelligence gathering activity. This event is indicative of an information leak attempt against a finger daemon performed by a vulnerability scanner
Impact The attacker may obtain information about user accounts on the target system.
Detailed Information This event is generated when an attempt to query the finger daemon is attempted by the Cybercop vulnerability scanner.

The Finger daemon is used to provide information about users on a UNIX system. It used to be installed and enabled by default on most UNIX/Linux systems. The scan will confirm that the target host will respond to finger queries.
Affected Systems  
Attack Scenarios An attacker uses the Cybercop vulnerability scanner to test for this weakness.
Ease of Attack Simple, performed by a scanner
Corrective Action Disable the finger daemon or limit the addresses that can access the service via a firewall or TCP wrappers.

Additional References Arachnids:
http://www.whitehats.com/info/IDS132

CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0612
Rule References arachnids: 132
cve: 1999-0612