Slashdot Mirror


Protecting Servers From Nmap's Idlescan?

Istealmymusic asks: "Now that Nmap 3.00's idlescan technique is fully documented, thousands of vulnerable NT and Linux hosts on the Internet are being exploited to perform stealthy port-scanning. My employer's Linux cluster was a victim of these attacks; apparently he has been used to perform hundreds of port scans on DDN machines. Needless to say, we were contacted by the sysadmin and forced to blacklist the cracker. However, our Linux cluster is still vulnerable to the idlescan exploit from other attackers, and I believe our company has a false sense of security. OpenBSD is the only OS I know of which randomizes the IPID sequence, therefore making it invulnerable to the idlescan, but we have neither the time nor urge to migrate to OpenBSD. How can one secure their Linux or NT TCP/IP stack from malicious idlescanning?"

2 of 37 comments

  1. Re:This trick might work by Anonymous Coward · Score: 2, Funny

    Or you can set up Code Red or Nimda affected Windows machines on the local machine and let it pelt your web server. That should help kick the IPID up :)

  2. Re:Uhm, how about READING the article you link to by Anonymous Coward · Score: 1, Funny

    So apparently this guy doesn't have the same amazing grasp of TCP/IP that your majesty does. Big fucking deal. Plenty of others (who I'm certain know at least as much as you do) have provided useful, worthwhile information - regardless of the fact that his question might be answered in the article. So what if it is? How many people, who wouldn't have read the article in question otherwise, might now be aware of a potential security threat? Berating the editors is a great idea though. Let's all rant at Slashdot for trying to help a fellow Linux user by posting a story that we weren't required to read. That'll help. Good job whistle blower. You've uncovered a major flaw with the community. No more asking questions you don't know the answer to! God I fucking hate know-it-all, pretentious, angry eccentric nerds.