Well most port scanning is from compromised boxes. Once a
box is compromised it can be used for *any* sort of attack.
If you really care about security you take reports of ports
Yeahbut, the real problem is that port scanning is typically used as
part of a process to infect _other_ boxes. If you allow this sort of
illness to spread, the patient (that is, the Internet) doesn't get