Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:630 |
Message | SCAN synscan portscan |
Summary | A host has scanned the network looking for vulnerable servers. |
Impact | Information leak, reconnaisance, preperation for automated attack such as worm propagation |
Detailed Information | Synscan is the scanning and vulnerability testing engines for ramen, canserserver and is included in some versions of the t0rn root kit as t0rnscan. It is a very fast syn scanner. |
Affected Systems | |
Attack Scenarios | This is a scanning tool that is often the precursor to a worm infection. |
Ease of Attack | This scanner is fast and easy to use. It is readily available and was included with several worms. |
Corrective Action | Run flexresp with synscan kill. |
Additional References | |
Rule References | arachnids: 441 |
--
DID:458446
--
http://www.aanval.com/