Many resources I come across state that one major advantage of full-port scans (e.g. SYN scans) is the fact that there is a lower risk of being logged. But why?
In my opinion, the sequence of segments exchanged in a SYN-scan (SYN >> SYN/ACK >> RST) seems way more suspicious/ abnormal than that of a full TCP-connect scan (SYN >> SYN/ACK >> ACK). Since the first SYN-segment already reveals information about the sender (ie. IP address, assuming no spoofing or proxy), I don't understand why a full connect scan is riskier than a half open scan.