diff --git a/NEWS b/NEWS
index 56017ce6de..0e6f486dde 100644
--- a/NEWS
+++ b/NEWS
@@ -142,6 +142,9 @@ Deprecated Functionality
 - The HOOK_BRO_OBJ_DTOR hook and associated methods have been deprecated. They
   are replaced by the HOOK_OBJ_DTOR hook and methods.
 
+- The ``misc/scan.zeek`` script has been marked for removal in Zeek 6.1.
+  Use github.com/ncsa/bro-simple-scan instead.
+
 Zeek 5.0.0
 ==========
 
diff --git a/scripts/policy/misc/scan.zeek b/scripts/policy/misc/scan.zeek
index 26dc54ce90..6e37b99500 100644
--- a/scripts/policy/misc/scan.zeek
+++ b/scripts/policy/misc/scan.zeek
@@ -4,6 +4,8 @@
 #            Seth Hall
 #            All the authors of the old scan.bro
 
+@deprecated "Remove in v6.1. Use the external github.com/ncsa/bro-simple-scan package instead (e.g., by installing it via `zkg install ncsa/bro-simple-scan`). The misc/scan.zeek script hasn't been maintained since 2013. Further, the external bro-simple-scan package from NCSA (Justin Azoff) has become the recommended alternative for TCP scan detection."
+
 @load base/frameworks/notice
 @load base/frameworks/sumstats
 
diff --git a/scripts/site/local.zeek b/scripts/site/local.zeek
index 9bf2ffc000..5c72ca7c93 100644
--- a/scripts/site/local.zeek
+++ b/scripts/site/local.zeek
@@ -18,9 +18,10 @@ redef digest_salt = "Please change this value.";
 # Enable logging of memory, packet and lag statistics.
 @load misc/stats
 
-# Load the scan detection script.  It's disabled by default because
-# it often causes performance issues.
-#@load misc/scan
+# For TCP scan detection, we recommend installing the package from
+# 'https://github.com/ncsa/bro-simple-scan'. E.g., by installing it via
+#
+#     zkg install ncsa/bro-simple-scan
 
 # Detect traceroute being run on the network. This could possibly cause
 # performance trouble when there are a lot of traceroutes on your network.
diff --git a/testing/btest/coverage/bare-mode-errors.test b/testing/btest/coverage/bare-mode-errors.test
index fa4c15c120..b5e244e3a4 100644
--- a/testing/btest/coverage/bare-mode-errors.test
+++ b/testing/btest/coverage/bare-mode-errors.test
@@ -6,4 +6,4 @@
 #
 # @TEST-EXEC: test -d $DIST/scripts
 # @TEST-EXEC: for script in `find $DIST/scripts/ -name \*\.zeek`; do zeek -b --parse-only $script >>errors 2>&1; done
-# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-sort" btest-diff errors
+# @TEST-EXEC: TEST_DIFF_CANONIFIER="grep -v 'Use the external.*bro-simple-scan package' | $SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-sort" btest-diff errors