In order to protect information and communications technology (ICT) systems against remote attacks and exploitation, insight into which systems are targeted is necessary as soon as possible. Given the lack of advance information, current network-based attack detection and mitigation techniques, such as virus scanners or intrusion prevention systems, are typically aimed at countering the delivery and exploitation. This paper presents a novel approach capable of detecting threats while they scan a local network for potential targets and even before an intrusion attack has been made. This allows the defender to single out scan traffic and selectively deny access to an attacker performing reconnaissance while maintaining the availability to other users. We implement a proof-of-concept on commodity graphics cards, and demonstrate fast prediction of scanner behavior on a /16 network telescope.