Slashdot Mirror


Protecting Servers From Nmap's Idlescan?

Istealmymusic asks: "Now that Nmap 3.00's idlescan technique is fully documented, thousands of vulnerable NT and Linux hosts on the Internet are being exploited to perform stealthy port-scanning. My employer's Linux cluster was a victim of these attacks; apparently he has been used to perform hundreds of port scans on DDN machines. Needless to say we were contacted by the sysadmin and forced to blacklist the cracker. However, our Linux cluster is still vulnerable to the idlescan exploit from other attackers, and I believe our company has a false sense of security. OpenBSD is the only OS I know of which randomizes the IPID sequence, therefore making it invulnerable to the idlescan, but we have neither the time nor urge to migrate to OpenBSD. How can one secure their Linux or NT TCP/IP stack from malicious idlescanning?"
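An added example, not part of the original Ask Slashdot post, that illustrates the property the question turns on: idlescan can only abuse a host whose IP ID counter advances by a small, predictable step per packet. The script below classifies an IP ID sequence recorded from one of your own hosts as sequential, randomised or zero, so you can audit whether a stack would be usable as a zombie. The sample sequences and the label names are constructed for illustration.

```python
# Added example (not from the Slashdot post): classify a host's observed
# IP ID sequence to judge whether it could serve as an idlescan "zombie".
# Idlescan needs a counter that advances predictably for every packet the
# host sends; a randomised or constant-zero IP ID gives nothing to measure.
# All sample data below is constructed.

def ipid_deltas(ids):
    """Differences between consecutive IP IDs, modulo the 16-bit field
    so that a counter wrapping from 65535 to 0 still reads as a step of 1."""
    return [(b - a) % 65536 for a, b in zip(ids, ids[1:])]

def classify_ipid(ids):
    """Return 'zero', 'incremental', 'noisy-incremental' or 'random'.

    'incremental' (steps of exactly 1, or of 256 for stacks that store the
    field byte-swapped) and 'noisy-incremental' (small positive steps, i.e.
    a sequential counter with a little cross-traffic) are both exploitable;
    'zero' and 'random' are not. Labels are this example's own, not Nmap's.
    """
    if len(ids) < 3:
        raise ValueError("need at least three samples")
    if all(i == 0 for i in ids):
        return "zero"
    deltas = ipid_deltas(ids)
    if all(d == 1 for d in deltas) or all(d == 256 for d in deltas):
        return "incremental"
    if all(0 < d <= 20 for d in deltas):   # tolerate a little other traffic
        return "noisy-incremental"
    return "random"

def usable_as_zombie(ids):
    """True when the sequence is predictable enough for an idlescan to use."""
    return classify_ipid(ids) in ("incremental", "noisy-incremental")

# Constructed samples: an idle sequential host, a busy sequential host,
# an OpenBSD-style randomising host, and a stack that always sends zero.
SAMPLES = {
    "idle_sequential": [30001, 30002, 30003, 30004, 30005],
    "busy_sequential": [4100, 4103, 4104, 4109, 4112],
    "randomised":      [52011, 1337, 40129, 24, 61999],
    "all_zero":        [0, 0, 0, 0, 0],
}

if __name__ == "__main__":
    for name, ids in SAMPLES.items():
        print(f"{name:16s} {classify_ipid(ids):18s} "
              f"zombie-capable={usable_as_zombie(ids)}")
```

Feed it the ID field from a handful of packets captured from the host under test; only the "incremental" and "noisy-incremental" results indicate a stack that needs attention.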

1 of 37 comments

  1. lameness filters are lame by 0x0d0a · Score: 0, Offtopic

    The number of people I've seen griping about lameness filters is ridiculous.

    I wanted to break up stuff into a bulletized list to make it easier to read. The lameness filters wanted more characters per line.

    I wanted to include a snippet of source. The lameness filters didn't like it (too many "nonstandard" characters).

    Now this person wants to post a tiny patch, and the filters freak out.

    I *hate* Slashdot "behavior modification" limits. The "two minutes between posts" rule. The "twenty seconds at least to write a post" rule. The "fifty posts per day" rule. I've hit them all, and they're a bloody PITA.