I'm curious if there is a way to auto block port scanning? Some kind of stealth mode maybe? What I'm seeing in my logs is a bunch of deny's which is great, but seems I'm often being hit on port 23 (denied).. which is of course telnet, and I don't have it open same for rdp ports and many others that are always being hit by the same ip over and over. I'm assuming it's a botnet trying to find a way in or someone trying to brute-force. I see there is intrusion detection which I turned on then the next day turned off because it seemed to cut my internet speed from 400mb to like 40mb? Maybe that's a configuration issue? Any help is greatly appreciated.
There is no way to stop another system from scanning your ports, your best defense is a firewall. :)
I use various blocklists and geo blocking to keep them at bay. When I see an ip address that tries to attack through my few open ports, it gets added to my plonker list and that's the end of that.