| GEN:SID | 1:630 |
| Message | SCAN synscan portscan |
| Summary | A host has scanned the network looking for vulnerable servers.
|
| Impact | Information leak, reconnaisance, preperation for automated attack such as worm propagation
|
| Detailed Information | Synscan is the scanning and vulnerability testing engines for ramen, canserserver and is included in some versions of the t0rn root kit as t0rnscan. It is a very fast syn scanner.
|
| Affected Systems | |
| Attack Scenarios | This is a scanning tool that is often the precursor to a worm infection.
|
| Ease of Attack | This scanner is fast and easy to use. It is readily available and was included with several worms.
|
| Corrective Action | Run flexresp with synscan kill.
|
| Additional References | |
| Rule References | arachnids: 441
|