portsentry is a daemon that listens for port scans (also stealth scans) and is able to disconnect and remember the attacking hosts in real-time. It uses ipchains for disconnecting and tcp wrappers for preventing hosts from further connections. Please look at http://www.psionic.com/abacus/portsentry/ for a closer description.
A beta version of the package is already used at 2 production firewalls and 3 servers that I administer. Rene
