sendmail
, qmail
and MTA's
There are some tools designed to alert you to probes by SATAN and ISS and other scanning software. However, liberal use of tcp_wrappers, and make sure to look over your log files regularly, you should be able to notice such probes. Even on the lowest setting, SATAN still leaves traces in the logs on a stock Red Hat system.
There are also "stealth" port scanners. A packet with the TCP ACK bit set (as is done with established connections) will likely get through a packet-filtering firewall. The returned RST packet from a port that _had no established session_ can be taken as proof of life on that port. I don't think TCP wrappers will detect this.
sendmail
, qmail
and MTA's