diff --git a/CHANGELOG b/CHANGELOG
index 904e14435..e763c5357 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,10 @@
 #Nmap Changelog ($Id$); -*-text-*-
+o [Ncat] Ncat in connect mode no longer defaults to half-closed TCP
+ connections. This makes it more compatible with other netcats. The -k option
+ will enable the old behavior. See https://seclists.org/nmap-dev/2013/q1/188
+ [Daniel Miller]
+
 o [Nsock][GH#2788] Fix an issue affecting Ncat where unread bytes in the SSL layer's buffer could not be read until more data arrived on the socket, which could lead to deadlock. [Daniel Miller]
diff --git a/ncat/ncat_connect.c b/ncat/ncat_connect.c
index 06c55774f..0d509e7af 100644
--- a/ncat/ncat_connect.c
+++ b/ncat/ncat_connect.c
@@ -1331,9 +1331,10 @@ static void read_socket_handler(nsock_pool nsp, nsock_event evt, void *data)
 #else
 Close(STDOUT_FILENO);
 #endif
- /* In --recv-only mode or non-TCP mode, exit after EOF on the socket. */
- if (o.proto != IPPROTO_TCP || (o.proto == IPPROTO_TCP && o.recvonly))
- nsock_loop_quit(nsp);
+ /* For TCP, --keep-open means don't quit unless --recv-only */
+ if (!o.keepopen || o.proto != IPPROTO_TCP || o.recvonly) {
+ nsock_loop_quit(nsp);
+ }
 return;
 } else if (status == NSE_STATUS_ERROR) {
 if (!o.zerobyte||o.verbose)
diff --git a/ncat/ncat_main.c b/ncat/ncat_main.c
index bcb680f4d..20a6e9026 100644
--- a/ncat/ncat_main.c
+++ b/ncat/ncat_main.c
@@ -1017,8 +1017,8 @@ static int ncat_connect_mode(void)
 if (o.chat)
 bye("Invalid option combination: `--chat' with connect.");
- if (o.keepopen)
- bye("Invalid option combination: `--keep-open' with connect.");
+ if (o.keepopen && o.proto != IPPROTO_TCP)
+ bye("Invalid option combination: `--keep-open' with non-TCP protocol.");
 return ncat_connect();
 }
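Review bot: The new comment above the quit condition in read_socket_handler's EOF branch documents only the --keep-open exception and leaves the new default unstated: on socket EOF the loop now quits even while stdin may still be open, so any input not yet sent is presumably dropped. I would spell the whole rule out, e.g. `/* Quit on socket EOF unless this is TCP with --keep-open and not --recv-only; only then stay up (half-closed) to keep sending stdin. */`. Because that truncation is silent, a verbose-level message on this path would help users diagnose transfers that stop early after upgrading. The function starts and ends outside the hunk, so whether pending writes are flushed before the loop exits cannot be confirmed from here.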
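Review bot: The relaxed check in ncat_connect_mode still accepts --keep-open together with --recv-only, although the new condition in read_socket_handler (`!o.keepopen || o.proto != IPPROTO_TCP || o.recvonly`) quits on EOF whenever o.recvonly is set, so -k silently has no effect in that combination. Either reject it here alongside the non-TCP case or add a comment saying it is deliberately tolerated. The new error text would also be clearer if it kept the old message's reference to connect mode, since the restriction is enforced only in this function. A short comment such as `/* In connect mode, --keep-open only selects half-closed TCP behaviour. */` above the check would record why TCP is now allowed. The function begins outside the hunk.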