Security through obscurity is no security at all.
For every website or service you encounter on the internet you have to provide an address to which replies can be sent.
Who needs to port scan?
Port scanning is not even as difficult as was first believed: http://www.youtube.com/watch?v=c7hq2q4jQYw
Address randomisation does not even begin to solve the problem; in fact, it makes it worse. How can my firewall be expected to know the difference between an address generated by my network printer that should not be seen from outside my network and one from a PC that should?
So now even my network printer (toaster, fridge, whatever) needs a built-in firewall with guaranteed bug fixes.
When was the last time you saw a printer or other device manufacturer fixing such security flaws in a timely manner?
And this is progress ????
Auto configuration is a nightmare. I want to be alerted to the addition of any kit to my network and be given the choice to allow or disallow access to my resources before whatever it is starts to use the limited data allocation that is my internet connection, starts to print a copy of wikipedia or otherwise use resources that cost me time or money.
Before anyone chimes in with "Security Enhanced Neighbour Discovery" - find me a howto that shows the proper configuration of "SEND" that creates a secure network of Windows and Linux machines..... Go on... I'm not holding my breath......
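
Added example, not part of the comment above: one way to get the "alert me when new kit appears" behaviour despite rotating IPv6 addresses is to key the inventory on the link-layer address in the neighbour table rather than on the IPv6 address. The neighbour lines, the `APPROVED` inventory and the function names are constructed for illustration; the line layout follows Linux `ip -6 neigh show` output.

```python
import ipaddress
import re

# Constructed sample in the layout of `ip -6 neigh show` (not from a real network).
SAMPLE_NEIGH = """\
fe80::1 dev eth0 lladdr 00:11:22:33:44:55 router REACHABLE
2001:db8:1:2:a1b2:c3d4:e5f6:1 dev eth0 lladdr 02:00:5e:10:00:01 REACHABLE
2001:db8:1:2:9f8e:7d6c:5b4a:2 dev eth0 lladdr 02:00:5e:10:00:01 STALE
2001:db8:1:2:1234:5678:9abc:3 dev eth0 lladdr 02:00:5e:10:00:99 DELAY
2001:db8:1:2:aaaa:bbbb:cccc:4 dev eth0 FAILED
"""

# Hypothetical inventory of approved devices, keyed by link-layer (MAC) address.
APPROVED = {
    "00:11:22:33:44:55": "router",
    "02:00:5e:10:00:01": "office-pc",
}

LINE = re.compile(
    r"^(?P<addr>\S+) dev (?P<dev>\S+) lladdr (?P<mac>[0-9a-fA-F:]{17})\b"
)


def parse_neighbours(text):
    """Map each MAC to the set of IPv6 addresses it currently answers for.

    Entries with no lladdr (FAILED / INCOMPLETE) are skipped: no device
    has been resolved for them.
    """
    seen = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        addr = str(ipaddress.ip_address(m["addr"]))  # validates and normalises
        seen.setdefault(m["mac"].lower(), set()).add(addr)
    return seen


def unknown_devices(text, approved):
    """Return {mac: sorted addresses} for every MAC missing from the inventory."""
    return {
        mac: sorted(addrs)
        for mac, addrs in parse_neighbours(text).items()
        if mac not in approved
    }


if __name__ == "__main__":
    for mac, addrs in unknown_devices(SAMPLE_NEIGH, APPROVED).items():
        print(f"ALERT: unapproved device {mac} using {', '.join(addrs)}")
```

The approved PC appears under two different addresses yet is matched once, because the check does not depend on the address. A link-layer address is not authenticated, so this gives visibility of new devices rather than access control.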