alert icmp any any -> $HOME_NET any (msg: "NMAP ping sweep Scan"; dsize:0;sid:10000006; rev: 1;)
alert tcp any any -> $HOME_NET any (msg: "NMAP XMAS Tree Scan"; flags:FPU;sid:10000008; rev: 3;)
alert tcp any any -> $HOME_NET any (msg: "NMAP FIN Scan"; flags:F;sid:10000009; rev: 4;)
alert tcp any any -> $HOME_NET any (msg: "NMAP NULL Scan"; flags:0;sid:100000010; rev: 5;)
alert udp any any -> $HOME_NET any (msg: "NMAP UDP Scan";sid:100000011; rev: 6;)

# TCP SYN
alert tcp any any  <> 192.168.110.246 any (msg:"TCP SYN";     flags:S;   sid:11000001; rev:1;)
alert tcp any any  <> 192.168.110.246 any (msg:"TCP SYN/ACK"; flags:SA;  sid:11000002; rev:1;)
alert tcp any any  <> 192.168.110.246 any (msg:"TCP RST";     flags:R;   sid:11000004; rev:1;)
alert icmp any any <> 192.168.110.246 any (msg:"ICMP Destination Unreachable"; itype:3; sid:1100005; rev:1;)

# TCP Connect Scan
alert tcp any any  <> 192.168.110.246 any (msg:"TCP SYN";     flags:S;   sid:11100001; rev:1;)
alert tcp any any  <> 192.168.110.246 any (msg:"TCP SYN/ACK"; flags:SA;  sid:11100002; rev:1;)
#alert tcp any any  <> 192.168.110.246 any (msg:"TCP ACK";     flags:A;   sid:11100003; rev:1;)
alert tcp any any  <> 192.168.110.246 any (msg:"TCP RST/ACK"; flags:RA;  sid:11100005; rev:1;)
alert icmp any any <> 192.168.110.246 any (msg:"ICMP Destination Unreachable"; itype:3; sid:1110005; rev:1;)