Carolyng denounces NMAP as 'broken': see details here .. She does this by posting a letter to www.infowar.com .. For those of you not familiar with 'nmap' and 'ffingerd', let me explain. When you use the 'nmap' portscanner, and it connects to the 'ffingerd' daemon, it leaves a fairly distinct signature. Below are the results of running 'nmap' twice against the ffingerd daemon, and a comparison of Carolyn Meinel running against the same host. Oct 28 07:21:58 enigma ffingerd[13911]: [user not there] attempt to finger "H^G^D^H^F" from 127.0.0.1 [127.0.0.1] Oct 29 07:20:59 enigma ffingerd[22580]: [user not there] attempt to finger "H^G^D^H^F" from 127.0.0.1 [127.0.0.1] Oct 29 11:20:21 enigma ffingerd[23582]: [user not there] attempt to finger "H^G^D^H^F" from 198.59.176.49 [198.59.176.49] First two are from our nightly security audit, that runs nmap on localhost to show which ports are open. Third, is most likely our dear Carolyn portscanning (this addy hit all of our open ports). Funny how she denounces NMAP, then uses it.