Recently i tested nmap out . I armored a Redhat box out side my internet perimeter and hacked away at a box with win2k on it running the latest version of black ice defender it was surprising . Nmap saw ports as closed but it knew something was firewalling those ports it also attempted to finger print the os and succeeded. So i figured out that black ice in its default settings is not very stealthy but in the advanced firewall settings if you bring the settings up to Nervous and run the Nmap scanner you wont get the message that any thing is there . Nmap is a great auditing tool but like all great hings i can be used to fin scan and as you know most firewalls wont be able to correct a Fin scan using Udp ports. If you are using black ice or check point with the lastest software These firewalls wont see the initial fin scan but they will diagnose by name the nmap ping then you can take what ever precautionary measures you need to Ie tcp wrappers snort .
Well thats all folks EviL