Given the very nature of the public wireless network, it is tricky to proactively deal with port scanning attempts.
We can attempt to deal with this at the network level, but having both the system we need to protect and the unauthorized scanning system on the same VLAN makes it difficult to identify a choke point or a tap to deploy proactive network-based detective/preventive capabilities, like a network-based intrusion prevention system (IPS).
Ideally you would want to deal with this at a host level. To clarify, the host here is the system you are trying to protect. Depending on the OS type, there are a few host-based products available that can block port scan attempts. In the Windows world, there are some mature offerings from antivirus companies that feature both a built-in firewall and an IPS. In the Unix/Linux world, an interesting utility to look at is Port Scan Attack Detector (PSAD), which leverages iptable logs and tracks port-scanning attempts. It has the capability to block the source initiating the scan due to its close integration with iptables. Read Eckie Silapaswang's article, which goes over an active blocking deployment scenario with PSAD.
This was first published in June 2010