The problem with portsentry is that it binds to all the ports you are watching, so people that are scanning actually see those ports open. It is better to use snort, which will let you know that the scans have happened without the attacker being aware.
Although it binds to all the ports, portsentry can blackhole the scanner as soon as it detects it with an ipchains rule. Once the user starts a scan they will be immediately blackholed and will never even complete the scan.
:wq
Tim Uckun
Due Diligence Inc. http://www.diligence.com/
Americas Background Investigation Expert. If your company isn't doing background checks, maybe you haven't considered the risks of a bad hire.