diff --git a/portreasons.cc b/portreasons.cc
index 68b50af37..44d9c9bb5 100644
--- a/portreasons.cc
+++ b/portreasons.cc
@@ -115,7 +115,8 @@ class PortList;
 /* Possible plural and singular reasons */
 char *reason_text[ER_MAX+1]={ 
         "reset", "conn-refused", "syn-ack", "syn-ack",  "udp-response",
-        "proto-response","net-unreach", "host-unreach", "proto-unreach",
+        "proto-response", "perm-denied",
+        "net-unreach", "host-unreach", "proto-unreach",
         "port-unreach", "echo-reply", "unknown", "unknown", "dest-unreach",
         "source-quench", "net-prohibited", "host-prohibited", "unknown", 
         "unknown", "admin-prohibited", "unknown", "time-exceeded", "unknown", "unknown",
@@ -126,7 +127,8 @@ char *reason_text[ER_MAX+1]={
 
 char *reason_pl_text[ER_MAX+1]={ 
         "resets", "conn-refused", "syn-acks", "syn-acks",  "udp-responses",
-        "proto-responses","net-unreaches", "host-unreaches", "proto-unreaches",
+        "proto-responses", "perm-denieds",
+        "net-unreaches", "host-unreaches", "proto-unreaches",
         "port-unreaches", "echo-replies", "unknowns", "unknowns", "dest-unreaches",
         "source-quenches", "net-prohibiteds", "host-prohibiteds", "unknowns", 
         "unknowns", "admin-prohibiteds", "unknowns", "time-exceededs", "unknowns",
diff --git a/portreasons.h b/portreasons.h
index f9d648317..d43f3e571 100644
--- a/portreasons.h
+++ b/portreasons.h
@@ -135,17 +135,18 @@ typedef struct port_reason_summary {
 /* portreasons.h:reason_codes and portreasons.cc:reason_str must stay in sync */
 enum reason_codes {
 	ER_RESETPEER=0, ER_CONREFUSED, ER_CONACCEPT, 
-	ER_SYNACK, ER_UDPRESPONSE, ER_PROTORESPONSE, 
+	ER_SYNACK, ER_UDPRESPONSE, ER_PROTORESPONSE, ER_ACCES, /* 7 */
+
 	ER_NETUNREACH, ER_HOSTUNREACH, ER_PROTOUNREACH,
-	ER_PORTUNREACH, ER_ECHOREPLY,  /* 10 */
+	ER_PORTUNREACH, ER_ECHOREPLY,  /* 11 */
 
-	ER_DESTUNREACH=13, ER_SOURCEQUENCH, ER_NETPROHIBITED,
-	ER_HOSTPROHIBITED, ER_ADMINPROHIBITED=19,
-	ER_TIMEEXCCEDED=21, ER_TIMESTAMPREPLY=24,
+	ER_DESTUNREACH=14, ER_SOURCEQUENCH, ER_NETPROHIBITED,
+	ER_HOSTPROHIBITED, ER_ADMINPROHIBITED=20,
+	ER_TIMEEXCCEDED=22, ER_TIMESTAMPREPLY=25,
 
-	ER_ADDRESSMASKREPLY=28, ER_NOIPIDCHANGE, ER_IPIDCHANGE,
+	ER_ADDRESSMASKREPLY=29, ER_NOIPIDCHANGE, ER_IPIDCHANGE,
 	ER_ARPRESPONSE, ER_TCPRESPONSE, ER_NORESPONSE,
-	ER_LOCALHOST, ER_UNKNOWN, ER_MAX=ER_UNKNOWN   /* 36 */
+	ER_LOCALHOST, ER_UNKNOWN, ER_MAX=ER_UNKNOWN   /* 37 */
 };
 
 /* Be careful to update these values if any ICMP
@@ -153,8 +154,8 @@ enum reason_codes {
  *
  * ICMP ER_* codes are calculated by adding the 
  * offsets below to an ICMP packets code/type value */
-#define ER_ICMPCODE_MOD 6  
-#define ER_ICMPTYPE_MOD 10  
+#define ER_ICMPCODE_MOD 7  
+#define ER_ICMPTYPE_MOD 11  
 
 /* passed to the print_state_summary.
  * STATE_REASON_EMPTY will append to the current line, prefixed with " because of"
diff --git a/scan_engine.cc b/scan_engine.cc
index 03bb52693..c1782bd6e 100644
--- a/scan_engine.cc
+++ b/scan_engine.cc
@@ -2438,18 +2438,30 @@ static UltraProbe *sendConnectScanProbe(UltraScanInfo *USI, HostScanStats *hss,
     else 
       ultrascan_port_probe_update(USI, hss, probeI, PORT_OPEN, &USI->now);
     probe = NULL;
+  } else if (connect_errno == EINPROGRESS || connect_errno == EAGAIN) {
+    USI->gstats->CSI->watchSD(CP->sd);
   } else {
+    int host_state = HOST_UNKNOWN, port_state = PORT_UNKNOWN;
+
     switch(connect_errno) {
-    case EINPROGRESS:
-    case EAGAIN:
-      USI->gstats->CSI->watchSD(CP->sd);
+    /* This can happen on localhost, successful/failing connection immediately
+       in non-blocking mode. */
+    case ECONNREFUSED:
+      host_state = HOST_UP;
+      port_state = PORT_CLOSED;
+      hss->target->reason.reason_id = ER_CONREFUSED;
       break;
     case ENETUNREACH:
-      if (o.debugging) 
-	log_write(LOG_STDOUT, "Got ENETUNREACH from %s connect()\n", __func__);
-      ultrascan_host_probe_update(USI, hss, probeI, HOST_DOWN, &USI->now);
+      if (o.debugging)
+        log_write(LOG_STDOUT, "Got ENETUNREACH from %s connect()\n", __func__);
+      host_state = HOST_DOWN;
       hss->target->reason.reason_id = ER_NETUNREACH;
-      probe = NULL;
+      break;
+    case EACCES:
+      if (o.debugging)
+	log_write(LOG_STDOUT, "Got EACCES from %s connect()\n", __func__);
+      host_state = HOST_DOWN;
+      hss->target->reason.reason_id = ER_ACCES;
       break;
     default:
       if (!connecterror) {	
@@ -2457,23 +2469,21 @@ static UltraProbe *sendConnectScanProbe(UltraScanInfo *USI, HostScanStats *hss,
 	fprintf(stderr, "Strange error from connect (%d):", connect_errno);
 	fflush(stdout);
 	fflush(stderr);
-	perror(""); /*falling through intentionally*/
+	perror("");
       }
-    case ECONNREFUSED:
-      /* This can happen on localhost, successful/failing connection immediately
-         in non-blocking mode. */
-      if (probe->isPing()) {
-	ultrascan_ping_update(USI, hss, probeI, &USI->now);
-      } else if (USI->ping_scan) {
-	ultrascan_host_probe_update(USI, hss, probeI, HOST_UP, &USI->now);
-	/* If the host is up, we can forget our other probes. */
-	hss->destroyAllOutstandingProbes();
-      } else {
-	ultrascan_port_probe_update(USI, hss, probeI, PORT_CLOSED, &USI->now);
-      }
-      probe = NULL;
-      break;
+      host_state = HOST_DOWN;
+      hss->target->reason.reason_id = ER_UNKNOWN;
     }
+    if (probe->isPing()) {
+      ultrascan_ping_update(USI, hss, probeI, &USI->now);
+    } else if (USI->ping_scan && host_state != HOST_UNKNOWN) {
+      ultrascan_host_probe_update(USI, hss, probeI, host_state, &USI->now);
+      if (host_state == HOST_UP)
+        hss->destroyAllOutstandingProbes();
+    } else if (!USI->ping_scan && port_state != PORT_UNKNOWN) {
+      ultrascan_port_probe_update(USI, hss, probeI, port_state, &USI->now);
+    }
+    probe = NULL;
   }
   gettimeofday(&USI->now, NULL);
   return probe;