>If you're running nmap from another machine somewhere out on the Internet
>(as opposed to another machine on the same subnet as the machine under
>test) it's possible that your Internet connection is being filtered by your
>provider. I've heard of several cablemodem and DSL providers filtering
>netbios-* to protect the unwashed Windows masses from sharing their
>harddisk out to the world (I also know of a university that blocks *all*
>incoming traffic to the ethernets in its dorm rooms). 
>
>If this is the case, you'll get the same response when you run nmap again,
>even if you add more rules to ipfilter, since the filtering is happening
>before it ever gets to you.

hmm...  :)

if this is indeed the case, you ought to be able to skip the part with
creating filter rules and simply run tcpdump on your machine to see if
you actually receive (and respond to) the packets that nmap is
sending.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."