Blocking Netscan/port scans?

[cguilford]

I'm curious if there is a way to auto block port scanning?  Some kind of stealth mode maybe?  What I'm seeing in my logs is a bunch of deny's which is great, but seems I'm often being hit on port 23 (denied).. which is of course telnet, and I don't have it open same for rdp ports and many others that are always being hit by the same ip over and over.  I'm assuming it's a botnet trying to find a way in or someone trying to brute-force.  I see there is intrusion detection which I turned on then the next day turned off because it seemed to cut my internet speed from 400mb to like 40mb?  Maybe that's a configuration issue?  Any help is greatly appreciated.

[marjohn56]

There is no way to stop another system from scanning your ports, your best defense is a firewall. 


I use various blocklists and geo blocking to keep them at bay. When I see an ip address that tries to attack through my few open ports, it gets added to my plonker list and that's the end of that.