Fix refguide indexterms mucking with manpage again. Fixes #463 [ci skip]

docs/nmap.1

@@ -2,12 +2,12 @@
 .\"     Title: nmap
 .\"    Author: [see the "Author" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 07/19/2016
+.\"      Date: 07/22/2016
 .\"    Manual: Nmap Reference Guide
 .\"    Source: Nmap
 .\"  Language: English
 .\"
-.TH "NMAP" "1" "07/19/2016" "Nmap" "Nmap Reference Guide"
+.TH "NMAP" "1" "07/22/2016" "Nmap" "Nmap Reference Guide"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -729,32 +729,38 @@ filtered\&.
 .PP
 \fBThe six port states recognized by Nmap\fR
 .PP
-.\" open port state open
+open 
+.\" open port state
 .RS 4
 An application is actively accepting TCP connections, UDP datagrams or SCTP associations on this port\&. Finding these is often the primary goal of port scanning\&. Security\-minded people know that each open port is an avenue for attack\&. Attackers and pen\-testers want to exploit the open ports, while administrators try to close or protect them with firewalls without thwarting legitimate users\&. Open ports are also interesting for non\-security scans because they show services available for use on the network\&.
 .RE
 .PP
-.\" closed port state closed
+closed 
+.\" closed port state
 .RS 4
 A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it\&. They can be helpful in showing that a host is up on an IP address (host discovery, or ping scanning), and as part of OS detection\&. Because closed ports are reachable, it may be worth scanning later in case some open up\&. Administrators may want to consider blocking such ports with a firewall\&. Then they would appear in the filtered state, discussed next\&.
 .RE
 .PP
-.\" filtered port state filtered
+filtered 
+.\" filtered port state
 .RS 4
 Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port\&. The filtering could be from a dedicated firewall device, router rules, or host\-based firewall software\&. These ports frustrate attackers because they provide so little information\&. Sometimes they respond with ICMP error messages such as type 3 code 13 (destination unreachable: communication administratively prohibited), but filters that simply drop probes without responding are far more common\&. This forces Nmap to retry several times just in case the probe was dropped due to network congestion rather than filtering\&. This slows down the scan dramatically\&.
 .RE
 .PP
-.\" unfiltered port state unfiltered
+unfiltered 
+.\" unfiltered port state
 .RS 4
 The unfiltered state means that a port is accessible, but Nmap is unable to determine whether it is open or closed\&. Only the ACK scan, which is used to map firewall rulesets, classifies ports into this state\&. Scanning unfiltered ports with other scan types such as Window scan, SYN scan, or FIN scan, may help resolve whether the port is open\&.
 .RE
 .PP
-.\" open|filtered port state open|filtered
+open|filtered 
+.\" open|filtered port state
 .RS 4
 Nmap places ports in this state when it is unable to determine whether a port is open or filtered\&. This occurs for scan types in which open ports give no response\&. The lack of response could also mean that a packet filter dropped the probe or any response it elicited\&. So Nmap does not know for sure whether the port is open or being filtered\&. The UDP, IP protocol, FIN, NULL, and Xmas scans classify ports this way\&.
 .RE
 .PP
-.\" closed|filtered port state closed|filtered
+closed|filtered 
+.\" closed|filtered port state
 .RS 4
 This state is used when Nmap is unable to determine whether a port is closed or filtered\&. It is only used for the IP ID idle scan\&.
 .RE