Aloha,

Actually, the FAQ says to use S/SAFR instead of S/SA. What this means is: check the SYN, ACK, FIN, and RST flags and make sure only the SYN flag is set, ignoring the URG and PSH flags.

S/SA only checks the SYN and ACK flags (making sure ACK is not set) and completely ignores the FIN, URG, PSH and RST flags; that is how a FIN scan could get by.

Thanks,
Dusty
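The mask check discussed in the message above, modelled in Python as an added example (not part of the original message and not pf's own code). The flag letters are the ones pf.conf uses; the function names and the sample flag combinations are constructed for illustration.

```python
# Model of a pf-style "flags <set>/<mask>" test: only the flags named in
# <mask> are inspected, and of those exactly the flags in <set> must be on.
TCP_FLAGS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
             "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}


def to_bits(letters):
    """Turn a string of flag letters such as 'SA' into a TCP flag byte."""
    bits = 0
    for ch in letters.upper():
        if ch not in TCP_FLAGS:
            raise ValueError(f"unknown TCP flag letter: {ch!r}")
        bits |= TCP_FLAGS[ch]
    return bits


def parse_spec(spec):
    """Split 'S/SAFR' into (set_bits, mask_bits)."""
    want, sep, mask = spec.partition("/")
    if not sep or not mask:
        raise ValueError(f"expected <set>/<mask>, got {spec!r}")
    want_bits, mask_bits = to_bits(want), to_bits(mask)
    # Assumption of this model: a flag required but not inspected is
    # rejected as a spec error, since such a rule could never match.
    if want_bits & ~mask_bits:
        raise ValueError(f"{spec!r} requires a flag outside its mask")
    return want_bits, mask_bits


def matches(spec, packet_flags):
    """True if a packet carrying packet_flags (letters) satisfies spec."""
    want_bits, mask_bits = parse_spec(spec)
    return (to_bits(packet_flags) & mask_bits) == want_bits


# Constructed flag combinations, not captured traffic.
SAMPLES = ["S", "SA", "SF", "SR", "SPU", "F"]


def compare(specs=("S/SA", "S/SAFR"), samples=SAMPLES):
    """Map each sample packet to its result under every spec."""
    return {p: {s: matches(s, p) for s in specs} for p in samples}


if __name__ == "__main__":
    for pkt, row in compare().items():
        print(f"{pkt:<4}", "  ".join(f"{s}={ok}" for s, ok in row.items()))
```

The rows that differ between the two specs are the ones where FIN or RST accompanies SYN: S/SA does not inspect those bits, S/SAFR does.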
