| GEN:SID | 1:622 |
| Message | SCAN ipEye SYN scan |
| Summary | This event is generated when a scan is detected.
|
| Impact | Information gathering.
|
| Detailed Information | This event indicates that an attempt has been made to scan a host.
This may be the prelude to an attack. Scanners are used to ascertain which ports a host may be listening on, whether or not the ports are filtered by a firewall, and whether the host is vulnerable to a particular exploit.
|
| Affected Systems | Any host.
|
| Attack Scenarios | An attacker can determine whether ports 21 and 20 are being used for FTP. The attacker might then find that the FTP service is vulnerable to a particular attack and be able to compromise the host.
|
| Ease of Attack | Simple.
|
| Corrective Action | Determine whether or not the scan was legitimate, then look for other events concerning the attacking IP address.
Check the host for signs of compromise.
|
| Additional References | |
| Rule References | arachnids: 236
|
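
One way to carry out the corrective action above, as an added example that is not part of the original rule documentation: it parses alert lines, finds every source that triggered 1:622, and lists that source's other events, flagging scanned hosts that also received another event. The input is assumed to be Snort's fast alert output; the sample lines, rule revision, classifications, priorities and local SIDs are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in Snort "fast" alert layout. IPs are documentation ranges;
# rule revision, classification, priority and SIDs >= 1000000 are placeholders.
SAMPLE_ALERTS = """\
03/14-10:02:11.120001  [**] [1:622:1] SCAN ipEye SYN scan [**] [Classification: Constructed] [Priority: 2] {TCP} 203.0.113.45:1025 -> 192.0.2.10:21
03/14-10:02:11.450300  [**] [1:622:1] SCAN ipEye SYN scan [**] [Classification: Constructed] [Priority: 2] {TCP} 203.0.113.45:1026 -> 192.0.2.11:21
03/14-10:05:40.000100  [**] [1:1000001:1] LOCAL placeholder FTP event [**] [Classification: Constructed] [Priority: 1] {TCP} 203.0.113.45:1090 -> 192.0.2.10:21
03/14-10:06:02.700000  [**] [1:1000002:1] LOCAL placeholder web event [**] [Classification: Constructed] [Priority: 3] {TCP} 198.51.100.7:4000 -> 192.0.2.10:80
03/14-10:09:15.330000  [**] [1:1000001:1] LOCAL placeholder FTP event [**] [Classification: Constructed] [Priority: 1] {TCP} 203.0.113.45:1101 -> 192.0.2.20:21
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?\s*$"
)

def parse_alerts(text):
    """Return one dict per line that matches the fast-alert layout."""
    matches = (ALERT_RE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]

def correlate(alerts, gid="1", sid="622"):
    """For each source that triggered gid:sid, collect its other events."""
    scanners = defaultdict(set)
    for a in alerts:
        if (a["gid"], a["sid"]) == (gid, sid):
            scanners[a["src"]].add(a["dst"])
    report = {}
    for src, targets in scanners.items():
        related = [a for a in alerts
                   if a["src"] == src and (a["gid"], a["sid"]) != (gid, sid)]
        report[src] = {
            "scanned_hosts": sorted(targets),
            "other_events": [(a["ts"], f'{a["gid"]}:{a["sid"]}', a["msg"], a["dst"])
                             for a in related],
            # Scanned hosts that also received another event from this source:
            # these are the first hosts to check for signs of compromise.
            "check_first": sorted({a["dst"] for a in related if a["dst"] in targets}),
        }
    return report

if __name__ == "__main__":
    for src, info in correlate(parse_alerts(SAMPLE_ALERTS)).items():
        print(src, info)
```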