portsentry combined with tcpd is good for this as well. It has several operation modes, including detecting stealthed scans, and has features to help prevent DDoS attacks. It is a very compact, lightweight and flexible daemon that does not use much in the way of system resources. It can be configured to work with iptables in several different ways to create rules and respond to the attacks by dropping the connection and blocking the host, amongst other things.
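
A `portsentry.conf` fragment for the setup described above, as an added example that is not part of the original post: it pairs the iptables response with a tcpd (`hosts.deny`) entry. The file paths are assumed (Debian-style layout) and the port lists are a constructed subset; adjust both to the local install.

```conf
# portsentry.conf (added example; paths and port lists are assumptions)

# Classic modes (-tcp / -udp) and stealth modes (-stcp / -sudp) watch
# only the ports listed here. Constructed subset of decoy ports.
TCP_PORTS="1,11,15,79,111,119,143,540,635,1080,1524,2000,12345,31337"
UDP_PORTS="1,7,9,69,161,162,513,635,640,641,700,32770,32771"

# Advanced stealth modes (-atcp / -audp) instead watch every unused
# port below this number.
ADVANCED_PORTS_TCP="1024"
ADVANCED_PORTS_UDP="1024"

# Ports that see stray traffic in normal use and should not trigger
# a response in the advanced modes.
ADVANCED_EXCLUDE_TCP="113,139"
ADVANCED_EXCLUDE_UDP="520,138,137,67"

# Hosts that must never be blocked. List loopback, the machine's own
# addresses, the default gateway and the management hosts here, so a
# scan with a forged source address cannot lock out legitimate peers.
IGNORE_FILE="/etc/portsentry/portsentry.ignore"
HISTORY_FILE="/var/lib/portsentry/portsentry.history"
BLOCKED_FILE="/var/lib/portsentry/portsentry.blocked"

# 0 = do not block scans (log only)
# 1 = block scans
# 2 = run external command only (KILL_RUN_CMD)
# UDP is left at log-only because its source address is trivially
# forged, which would turn automatic blocking into a denial of service
# against whoever is being impersonated.
BLOCK_TCP="1"
BLOCK_UDP="0"

# iptables response: insert a DROP rule for the offending address.
# $TARGET$ is replaced by portsentry with the source IP.
KILL_ROUTE="/sbin/iptables -I INPUT -s $TARGET$ -j DROP"

# tcpd response: line appended to /etc/hosts.deny, covering services
# that run under TCP wrappers.
KILL_HOSTS_DENY="ALL: $TARGET$ : DENY"

# Number of connections tolerated from a host before reacting.
# 0 reacts on the first hit; 1 or 2 cuts down on false positives.
SCAN_TRIGGER="1"
```

Rules added through `KILL_ROUTE` accumulate in the INPUT chain and are not expired by portsentry itself, so review `iptables -L INPUT -n` and the blocked file periodically.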