To be quite honest, (and remain on the topic of "how to defend against scans"), there is no defense against many of the information gathering techniques because, in its own way, no information is information in itself.

Example. Bill Nasty hates a co-worker and wants to hack into his home computer to get information. Joe Victim has a Linksys BEFSR41 router/firewall, (NAT), in front of his computer. Bill sends an email with an embedded link to his web server and waits for Joe to open it to find Joe's IP address. When it is opened Bill NMap's the reported IP address without even using OS guessing. He gets no response and NMAP indicates that all ports are filtered or that the computer is down. Bill knows it isn't down because Joe told him he leaves it on constantly. Reasonable conclusion: Bill can conclude that the computer is most probably behind a consumer grade router with no ports forwarded to the internal, and therefore, NAT'ed machine.

That's information... Turn on OS Guessing in later versions of NMap and it will include the Linksys in its short list of guesses of the target machine..... But if Bill is reasonably knowledgeable he didn't really need the OS Guessing ability of NMap. He worked out the consumer grade router pretty much on his own.

If he was smart he would have fired up p0f when he sent the email and waited till he had the IP address of Joe. Then, by looking in the p0f log and matching the IP addresses he would see the operating system of Joe's computer behind the firewall..... Yes, he bypassed the protections that the firewall afforded Joe in protecting his OS type from outside snooping and now has a rather accurate idea of the internal OS right down to the SP level..... The fun thing is that p0f is undetectable.... I use it 24/7 for every incoming connection but you'll never know it's there, the NIC won't respond to any stimulus unless you are on the same subnet.

[EDIT]

Nice post Frosted:

"sorry to use the word stealth TS"
I don't mind the use of the word "stealth" when it is used appropriately. In the case of a stealth scan you are doing something "magical", (or, at least, you used to be), you were avoiding many logging systems, though this is no longer the case.

As to the effectiveness of NMap FIN, Xmas etc. scans, Snort alerts on them very nicely...

[/EDIT]
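
Added example, not part of the original post and not Snort's own rules: a small detector showing why FIN, Xmas and NULL probes are easy to alert on, since their TCP flag combinations do not occur in normal traffic. The function names, the `min_ports` threshold and the sample addresses are assumptions made for the illustration.

```python
import struct
from collections import defaultdict

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def classify_flags(flags):
    """Name the scan type a TCP flag byte matches, or None if it looks normal."""
    flags &= 0x3F                      # ignore ECE/CWR bits
    if flags == 0:
        return "NULL"                  # no flags at all
    if flags == FIN:
        return "FIN"                   # FIN without ACK
    if flags == FIN | PSH | URG:
        return "XMAS"
    return None

def parse_tcp(segment):
    """Return (src_port, dst_port, flags) from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    return sport, dport, off_flags & 0x3F

def detect_scans(packets, min_ports=3):
    """packets: iterable of (src_ip, raw_tcp_header).
    Returns {src_ip: {scan_type: sorted ports}} for sources that sent the same
    abnormal flag combination to at least min_ports distinct ports."""
    seen = defaultdict(lambda: defaultdict(set))
    for src_ip, segment in packets:
        try:
            _sport, dport, flags = parse_tcp(segment)
        except ValueError:
            continue                   # skip packets too short to parse
        kind = classify_flags(flags)
        if kind:
            seen[src_ip][kind].add(dport)
    alerts = {}
    for src, kinds in seen.items():
        hits = {k: sorted(p) for k, p in kinds.items() if len(p) >= min_ports}
        if hits:
            alerts[src] = hits
    return alerts

def make_tcp(dport, flags, sport=40000):
    """Build a constructed 20-byte TCP header for the sample data."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 1024, 0, 0)

# Constructed sample traffic (documentation address ranges).
SAMPLE = ([("198.51.100.7", make_tcp(p, FIN | PSH | URG)) for p in (22, 80, 443)]
          + [("198.51.100.7", make_tcp(25, FIN))]
          + [("203.0.113.9", make_tcp(443, FIN | ACK))]   # normal teardown
          + [("203.0.113.9", b"\x00" * 8)])               # truncated, skipped
```

`detect_scans(SAMPLE)` flags only the first source for its Xmas probes; the ordinary FIN+ACK teardown from the second source is ignored.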