Web Hosting Talk

Blocking 'anonymous' FTP


NightMan
06-02-2002, 06:30 AM
Hi, I am getting lots of 'anonymous' FTP scans on my server.

How do I block these scans? I am using ipchains and fmfirewall installed on Red Hat 7.2.

A few lines from the log file:
myserver.com (12-239-64-94.client.attbi.com[12.239.64.94]) - no such user 'anonymous'
myserver.com (12-239-64-94.client.attbi.com[12.239.64.94]) - no such user 'anonymous'
myserver.com (12-239-64-94.client.attbi.com[12.239.64.94]) - no such user 'anonymous'
myserver.com (12-239-64-94.client.attbi.com[12.239.64.94]) - no such user 'anonymous'
myserver.com (12-239-64-94.client.attbi.com[12.239.64.94]) - no such user 'anonymous'

mkaufman
06-02-2002, 09:15 AM
Well, you can't really stop people trying to log in anonymously to your server, and from the looks of it, anonymous FTP is blocked.

Tazzman
06-02-2002, 09:30 AM
You could run PSAD on your server. It will block scans, automatically permanently block the IP the scan originated from from your server unless you mark it as a trusted IP and send you an email with the details of the scan and the DNS record of the IP the scan originated from.

You can't stop people from scanning your server, but you can stop them from getting in, which is the most important part...

NightMan
06-02-2002, 10:25 AM
I understand this is not possible, but I am thinking about blocking the IP after a first attempt of 'anonymous' FTP scanning.

The first attempt goes through, since it is not possible to know whether the FTP login is genuine or an anonymous scan, but a second scan can help identify it, and if it is an anonymous attempt, then the IP is blocked for FTP access.

Can PSAD or any other port blocking tools handle this?

viGeek
06-02-2002, 03:23 PM
As stated above PSAD will take care of that. You can set "security levels" to establish how sensitive the block is.

I recommend installing Bastille Linux & PSAD.

IMO

Tazzman
06-02-2002, 05:24 PM
Yep, Bastille and PSAD is the combo I went for. Been working very well so far. Just be sure to update PSAD to the latest version after you install Bastille, as Bastille includes an older version of PSAD...
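
The "let the first attempt through, block on the second" idea from the thread, as an added example that is not part of any post and is not how PSAD works internally: it counts failed anonymous logins per source IP in lines of the format quoted in the first post and prints an ipchains DENY rule for FTP instead of running it. The function names, the threshold, the trusted list and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Log format from the first post. The reverse-DNS name before the bracket is
# controlled by the remote side, so only the bracketed address is captured.
FAILED_ANON = re.compile(
    r"\([^()\[\]]*\[([0-9.]+)\]\)\s+-\s+no such user 'anonymous'")

def offenders(lines, threshold=2, trusted=()):
    """Return sorted IPs with at least `threshold` failed anonymous logins."""
    counts = Counter()
    for line in lines:
        m = FAILED_ANON.search(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.IPv4Address(m.group(1)))
        except ValueError:
            continue  # malformed address in the log: never reaches a rule
        if ip not in trusted:
            counts[ip] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def ipchains_rule(ip):
    """Render (not execute) an ipchains rule denying FTP from one source."""
    ipaddress.IPv4Address(ip)  # raises ValueError on anything but an IPv4
    return f"ipchains -A input -p tcp -s {ip} -d 0/0 21 -j DENY"

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    "myserver.com (scanner.example.net[203.0.113.7]) - no such user 'anonymous'",
    "myserver.com (scanner.example.net[203.0.113.7]) - no such user 'anonymous'",
    "myserver.com (scanner.example.net[203.0.113.7]) - no such user 'anonymous'",
    "myserver.com (once.example.org[198.51.100.20]) - no such user 'anonymous'",
    "myserver.com (office.example.com[192.0.2.10]) - no such user 'anonymous'",
    "myserver.com (office.example.com[192.0.2.10]) - no such user 'anonymous'",
    "myserver.com (other.example.net[203.0.113.9]) - no such user 'bob'",
    "myserver.com (bad.example.net[999.1.1.1]) - no such user 'anonymous'",
    "myserver.com (bad.example.net[999.1.1.1]) - no such user 'anonymous'",
]

if __name__ == "__main__":
    # 192.0.2.10 stands in for a trusted IP that must never be blocked.
    for ip in offenders(SAMPLE_LOG, trusted={"192.0.2.10"}):
        print(ipchains_rule(ip))
```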