For context, I am a pentester as my day job and it's not unusual for me to achieve catastrophic compromise of two or three different corporate networks in a single week. When it's not MS17-010, it's IBM WebSphere and HP Data Protector.
What I'm trying to do here is run my own networks securely, and I see no reason I should let any random intruder find out what services they can attack by portscanning.