diff --git a/extensions/libxt_portscan.man b/extensions/libxt_portscan.man
index 60a4c1a..aaa162f 100644
--- a/extensions/libxt_portscan.man
+++ b/extensions/libxt_portscan.man
@@ -20,7 +20,11 @@ connection was torn down after completion of the 3-way handshake.
 \fB--grscan\fR
 Match if data in the connection only flew in the direction of the remote side,
 e.g. if the connection was terminated after a locally running daemon sent its
-identification. (e.g. openssh)
+identification. (E.g. openssh, smtp, ftpd.) This may falsely trigger on
+warranted single-direction data flows, usually bulk data transfers such as
+FTP DATA connections or IRC DCC. Grab Scan Detection should only be used on
+ports where a protocol runs that is guaranteed to do a bidirectional exchange
+of bytes.
 .PP
 NOTE: Some clients (Windows XP for example) may do what looks like a SYN scan,
 so be advised to carefully use xt_portscan in conjunction with blocking rules,