Avoiding IDS: the --scanflags option FIN Scan can take any combination of FIN, URG, and PSH # nmap -sF --scanflags PSHURG db.yuma.net Starting nmap 3.30 ( http://www.insecure.org/nmap/ ) at 2003-07-30 01:15 PDT Interesting ports on db.yuma.net ( (The 1641 ports scanned but not shown below are in state: closed) Port State Service 22/tcp open ssh 111/tcp open sunrpc 1024/tcp open kdm Nmap run completed -- 1 IP address (1 host up) scanned in 5.917 seconds