diff -u -r linux/net/ipv4/tcp_input.c /usr/src/linux-2.0.36/net/ipv4/tcp_input.c
--- linux/net/ipv4/tcp_input.c	Sat Jul 17 11:21:01 1999
+++ /usr/src/linux-2.0.36/net/ipv4/tcp_input.c	Sat Jul 17 12:00:13 1999
@@ -46,6 +46,7 @@
  *					</RANT>
  *	George Baeslack		:	SIGIO delivery on accept() bug that
  *					affected sun jdk.
+ *	Salvatore Sanfilippo	:	Prevents SYN, FIN, Xmass, NULL scan.
  */
 
 #include <linux/config.h>
@@ -2464,6 +2465,12 @@
 					}
 				}
 #endif
+				tcp_send_reset(daddr,saddr,th,sk->prot,opt,dev,0, 255);
+			}
+
+			/* resets FIN, Xmas, NULL */
+			if (!th->syn && !th->ack && !th->rst && ip_chk_addr(daddr)==IS_MYADDR)
+			{
 				tcp_send_reset(daddr,saddr,th,sk->prot,opt,dev,0, 255);
 			}
 
diff -u -r linux/net/ipv4/tcp_output.c /usr/src/linux-2.0.36/net/ipv4/tcp_output.c
--- linux/net/ipv4/tcp_output.c	Sat Jul 17 11:21:01 1999
+++ /usr/src/linux-2.0.36/net/ipv4/tcp_output.c	Sat Jul 17 11:56:35 1999
@@ -759,7 +759,7 @@
 	t1->source = th->dest;
 	t1->doff = sizeof(*t1)/4;
 	t1->rst = 1;
-  
+
 	if(th->ack)
 	{
 	  	t1->seq = th->ack_seq;
@@ -770,7 +770,15 @@
 	  	if(!th->syn)
 			t1->ack_seq = th->seq;
 		else
+		{
 			t1->ack_seq = htonl(ntohl(th->seq)+1);
+			/* send bogus syn/ack */
+			t1->rst = 0;
+			t1->syn = 1;
+			t1->ack = 1;
+			if (th->fin)
+				t1->fin = 1; /* as 2.0.3x we answer SAF */
+		}
 	}
 
 	tcp_send_check(t1, saddr, daddr, sizeof(*t1), buff);