[cookiengineer]

The script kiddie typical nmap/zmap scans are easily detectable. There are some forks that use different headers / window sizes though but they aren't that popular as far as I can tell from my experience.

Check out the methods that start with "is_filtered_nmap_" here: https://github.com/tholian-network/firewall/blob/master/kern...