There are 2 great tutorials at
http://www.frozentux.net/
If you setup a firewall with a deny-by-default policy and stateful filtering, it's easy to prevent port scans. Make sure you DROP (instead of REJECT) those packets so your machine won't ellicit TCP RST's and ICMP DEST-UNREACH packets that give information on closed ports, thus slowing their scan. You may also temporarily block the offenders' IP's... Just make sure they aren't trying to block you from a known IP, though. I wouldn't recommend this option.
You may use sysctl's in addition to iptables.
See: /usr/src/linux/Documentation/networking/ip-sysctl.txt
Code:
# Note: SYN/FIN's are legitimate with T/TCP, though
# they may be used for TCP/IP OS fingerprinting, not a big deal anyway.
echo 1 > /proc/sys/net/ipv4/tcp_ignore_synfin
# TCP SYN flood protection
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
# Note: TCP Timestamps (RFC 1323) may disclose our uptime information
# but they're used to protect against wrapping sequence numbers.
# Enable it if you're using a fast connection
echo 0 > /proc/sys/net/ipv4/tcp_timestamps