Following a story on slashdot led to this article about hiding your system fingerprint from nmap. Now as far as I know (from nmap scanning on my local network), my machine has never been tagged (identified), but the suggestion about dropping packets to closed ports seemed like a "Good Idea." The instructions, in the BSD section were:
sysctl -w net.inet.tcp.blackhole=[0 | 1 | 2]
sysctl -w net.inet.udp.blackhole=[0 | 1]
I used the values (2,1), and nmap was then unable to even propose a set of values (it failed on tests 2,5,6,7 and U). Note sure of the real value but for the paranoid out there, why not give yourself a little extra edge.
Mac OS X Hints
http://hints.macworld.com/article.php?story=20030316190030396