Just to add to what gaxprels has to say, you can set portsentry to do several detection modes, including my favorite, "advanced stealth TCP scan" (option -atcp). In addition, it can make use of TCP wrappers and an ipchains or iptables rule, and will add the IPs of offending machines to /etc/hosts.deny.

http://www.psionic.com makes another great and "free" product called logcheck. It scans logs for suspect activity and compiles a log that can be mailed to anyone you like, ranking the activity from very suspicious to just something you should know. Truly fantastic logging.