One thing to bear in mind regarding IDS is that a good 'port scanner' (as in whoever is doing the scan) will try to defeat the IDS so that it doesn't raise an alert, the most common way being to run the port scan exceptionally slowly (i.e. paranoid mode on nmap). Most script kiddies won't do this, however, as it can make the port scan take days, so you'll catch most of them with an IDS and by checking your firewall logs.
As some of the other postings have said, whatever services you allow through the firewall (i.e. HTTP on port 80) a port scan will detect, as you cannot block port 80 or you would not get any traffic to your web server, and the same applies to any other services you want to allow through.
You could set your applications (wherever possible) to use non-standard ports; at least that way an attacker won't instantly know what services you are running, although that isn't practical for anything you want the public to access.
I think as long as you have decent security measures in place, a port scan shouldn't be something you worry too much about.
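As an added example (not part of the post above), here is the kind of firewall-log check the post recommends, in Python: it counts how many distinct destination ports each source address hits within a sliding time window and flags sources that exceed a threshold. The log lines are constructed in an iptables-style format with a hypothetical `FW-DROP` log prefix, not real captures. The second scanner in the sample spaces its probes five minutes apart, which is the probe spacing of nmap's paranoid (`-T0`) timing, so a 60-second window never sees more than one port from it and only a one-hour window catches it.

```python
"""Port-scan detection over firewall log lines (added example, not from
the original post). Log format and sample lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed iptables-style line: syslog timestamp, hypothetical FW-DROP
# log prefix, then the usual SRC=/DST=/PROTO=/DPT= fields.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: FW-DROP "
    r"IN=\S+ SRC=(?P<src>\S+) DST=\S+ PROTO=\S+ DPT=(?P<dpt>\d+)"
)

def _line(ts, src, dpt):
    return (f"{ts:%b %d %H:%M:%S} fw kernel: FW-DROP IN=eth0 SRC={src} "
            f"DST=198.51.100.2 PROTO=TCP DPT={dpt}")

PORTS = [21, 22, 23, 25, 80, 110, 143, 443, 445, 993, 995, 3389]
_T0 = datetime(2024, 3, 10, 12, 0, 0)
SAMPLE_LOG = "\n".join(
    # 203.0.113.5: 12 ports in about three seconds (a default-speed scan)
    [_line(_T0 + timedelta(seconds=i // 4), "203.0.113.5", p)
     for i, p in enumerate(PORTS)]
    # 203.0.113.9: the same 12 ports, one probe every five minutes
    + [_line(_T0 + timedelta(minutes=5 * i), "203.0.113.9", p)
       for i, p in enumerate(PORTS)]
    # 192.0.2.77: a host retrying one blocked port, not a scan
    + [_line(_T0 + timedelta(seconds=30), "192.0.2.77", 8080),
       _line(_T0 + timedelta(seconds=90), "192.0.2.77", 8080)]
)

def parse_log(text):
    """Group (timestamp, dest_port) events by source IP, sorted by time."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            # syslog stamps carry no year; all samples fall in one year anyway
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
            events[m["src"]].append((ts, int(m["dpt"])))
    return {src: sorted(evts) for src, evts in events.items()}

def max_distinct_ports(evts, window):
    """Most distinct destination ports one source touched inside any
    interval of length `window` (sliding window over time-sorted events)."""
    best, start = 0, 0
    for end in range(len(evts)):
        while evts[end][0] - evts[start][0] > window:
            start += 1
        best = max(best, len({port for _, port in evts[start:end + 1]}))
    return best

def scan_scores(text, window_seconds=60):
    """Per-source maximum of distinct ports seen in any window."""
    window = timedelta(seconds=window_seconds)
    return {src: max_distinct_ports(evts, window)
            for src, evts in parse_log(text).items()}

def detect_scans(text, window_seconds=60, threshold=10):
    """Sources that hit at least `threshold` distinct ports within the window."""
    return {src: n for src, n in scan_scores(text, window_seconds).items()
            if n >= threshold}

if __name__ == "__main__":
    print("60s window:", detect_scans(SAMPLE_LOG))
    print("1h window: ", detect_scans(SAMPLE_LOG, window_seconds=3600))
```

The trade-off the post describes shows up directly in the two parameters: widening the window (or lowering the threshold) is what catches a paranoid-speed scan, but it also raises the chance that a busy legitimate client, or a host retrying a blocked port, crosses the threshold, so in practice the window is set against the traffic you actually see rather than against the slowest scan you can imagine.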