IMHO there's a big difference (at least emotional) between scanning a box that has tried to make contact in a manner you suspect it has been compromised and the owner does not know or on the other side, scan whole IP ranges to find boxes that have left those ports open that you want to use for your little evil exploit... anyway if port scanning is illegal, both are against the law. Probably after some complains your ISP will shutdown your connection cause of violation of the acceptable use policy and that would be all.