Avoiding IDS: the --scanflags option SYN Scan can often take extra flags -- even FIN: # nmap -sS --scanflags SYNFIN db.yuma.net Starting nmap 3.30 ( http://www.insecure.org/nmap/ ) at 2003-07-30 01:14 PDT Interesting ports on db.yuma.net (192.168.0.4): (The 1641 ports scanned but not shown below are in state: closed) Port State Service 22/tcp open ssh 111/tcp open sunrpc 1024/tcp open kdm Nmap run completed -- 1 IP address (1 host up) scanned in 3.779 seconds