At a former employer I hooked up a random Debian box to the corp network. Of course I ran fail2ban, in addition to a host of other lockdown measures. Without fail every morning at the same time some random corp scanner would start hammering on the ports, and fail2ban would kick in and block the scanner. After the default expiration time the rules blocking the scanner would expire, and it would happen again the next morning. This probably continued going on for several weeks or perhaps even months after I left the company.
You would get seriously yelled at by my team if you did this in my company.
The corporate scanner are not there for fun or because security loves to do scans. They are there exactly because they are random wannabe sysadmins who will plug in a box that ends up compromised.
A scanner may help to locate it and possibly warn about the issue. And only maybe.
Do not make life difficult for people who already have they hands full of constant vulnerabilities, fighting corporate crap and being the bad guys because they audit stuff.
