diff --git a/CHANGELOG b/CHANGELOG
index e0fb9fb0f..256424e3c 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,9 +1,19 @@
 # Nmap Changelog ($Id$)
 
+3.95
+
 o Fixed a crash in IPID Idle scan.  Thanks to Ron
   (iago(a)valhallalegends.com>, Bakeman (bakeman(a)physics.unr.edu),
   and others for reporting the problem.
 
+o Fixed an inefficiency in RPC scan that could slow things down and
+  also sometimes resulted in the spurious warning message: "Unable to
+  find listening socket in get_rpc_results"
+
+o Fixed a 3.94ALPHA3 bug that caused UDP scan results to be listed as
+  TCP ports instead.  Thanks to Justin M Cacak (jcacak(a)nebraska.edu)
+  for reporting the problem.
+
 3.94ALPHA3
 
 o Updated NmapFE to build with GTK2 rather than obsolete GTK1.  Thanks
diff --git a/scan_engine.cc b/scan_engine.cc
index 8be3eedc2..d1f3860c4 100644
--- a/scan_engine.cc
+++ b/scan_engine.cc
@@ -1821,7 +1821,7 @@ bool ultrascan_port_pspec_update(UltraScanInfo *USI, HostScanStats *hss,
     proto = IPPROTO_TCP;
     portno = pspec->pd.tcp.dport;
   } else if (pspec->type == PS_UDP) {
-    proto = IPPROTO_TCP;
+    proto = IPPROTO_UDP;
     portno = pspec->pd.udp.dport;
   } else assert(0);
   
@@ -3780,6 +3780,14 @@ void pos_scan(Target *target, u16 *portarray, int numports, stype scantype) {
 	    /*	if (!testinglist) testinglist = current; */
 	    ss.numqueries_outstanding++;
 	    gettimeofday(&current->sent[0], NULL);
+	    if (send_rpc_query(target->v4hostip(), 
+			       rsi.rpc_current_port->portno,
+			       rsi.rpc_current_port->proto, current->portno,
+			       current - scan, current->trynum) == -1) {
+	      /* Futz, I'll give up on this guy ... */
+	      rsi.rpc_status = RPC_STATUS_NOT_RPC;
+	      break;
+	    }
 	    if (senddelay) usleep(senddelay);
 	  }
 	}