Method 1: Using Fail2ban Port Scan Jail
sudo nano /etc/fail2ban/jail.localAdd:
[scan]
enabled = true
port = any
filter = scan
logpath = /var/log/auth.log
maxretry = 2
bantime = 86400Method 2: Detect with tcpdump
sudo tcpdump -i eth0 'tcp[tcpflags] & (tcp-syn) != 0 and not tcp[tcpflags] & (tcp-ack) != 0'Method 3: Check Firewall Logs
sudo ufw status verbose
sudo tail -f /var/log/ufw.log