The wide spread of worms, DDOS attacks and scan activities have greatly affected the network infrastructure security. For scan detection, traditionally most detection methods are flow based, thus undesirable for gigabits or multi-gigabits networks. To deal with this scalability problem, in this paper, a novel scan detection method is proposed, in which no flow record is required to maintain. Based on the observation that scans will generally generate a large volume of return RST packets, a hypothesis testing based approach is proposed. Experiments in practical network and on the DARPA 1998 datasets indicate that this algorithm is effective.