diff --git a/CHANGELOG b/CHANGELOG
index 765fe2b05..de5b1dd72 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,10 @@
 # Nmap Changelog ($Id$); -*-text-*-
 
+o Fixed a bug which caused port 0 to be improperly used for gen1 OS
+ detection in some cases when your scan includes port 0 (it isn't
+ included by default). Thanks to Sebastian Wolfgarten for the report
+ and Kris Katterjohn for the fix.
+
 o Updated nmap-mac-prefixes to latest IEEE data as of 5/18/07. Also
 removed some high (greater than 0x80) characters from some company
 names because they were causing this error on Windows when Nmap is
diff --git a/osscan.cc b/osscan.cc
index 8cb81e0d0..75a5547c9 100644
--- a/osscan.cc
+++ b/osscan.cc
@@ -575,10 +575,21 @@ static FingerPrint *get_fingerprint(Target *target, struct seq_info *si) {
 /* Now we should find a closed port */
 if ((tport = target->ports.nextPort(NULL, IPPROTO_TCP, PORT_CLOSED))) {
 closedport = tport->portno;
- target->FPR1->osscan_closedtcpport = tport->portno;
+
+ /* Port 0 seems to screw things up, so try to get another if available */
+ if (tport->portno == 0)
+ if ((tport = target->ports.nextPort(tport, IPPROTO_TCP, PORT_CLOSED)))
+ closedport = tport->portno;
+
+ target->FPR1->osscan_closedtcpport = closedport;
 } else if ((tport = target->ports.nextPort(NULL, IPPROTO_TCP, PORT_UNFILTERED))) {
 /* Well, we will settle for unfiltered */
 closedport = tport->portno;
+
+ /* Port 0 seems to screw things up, so try to get another if available */
+ if (tport->portno == 0)
+ if ((tport = target->ports.nextPort(tport, IPPROTO_TCP, PORT_CLOSED)))
+ closedport = tport->portno;
 } else {
 closedport = (get_random_uint() % 14781) + 30000;
 }
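Review bot: The fallback in the PORT_UNFILTERED branch asks nextPort() for a PORT_CLOSED port, but that branch is only reached after the PORT_CLOSED lookup starting from NULL already came back empty, so the replacement lookup will normally return NULL and closedport stays 0, the very value the comment says to avoid. The state should match the branch: `if ((tport = target->ports.nextPort(tport, IPPROTO_TCP, PORT_UNFILTERED)))`. In both added blocks a failed replacement lookup also overwrites tport with NULL while closedport keeps 0; if tport is read later in get_fingerprint that needs a guard, and falling through to the random closedport of the else branch would avoid port 0 in every case rather than only when a second port exists. get_fingerprint's body starts and ends outside the hunk.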