I have a /16 network on the internet and it gets a constant flow of 1-2 Mbit/s of this crap.
I run some automatic blacklisting on that network (which is not as straightforward as you would think), and it lists 70000-80000 systems doing such scans all the time.
That would be too complex for most retail users to accomplish. Best is to keep ROS updated and maintain the firewall filters; that should give a safer environment.
I agree, there are quite a number of pitfalls with that. I would not recommend setting up an automatic blacklist filter unless all the implications are known and workarounds for known problems are included.
The reason for the blacklist is not really "security", it is more to reduce the noise traffic on the network (which consists of many much slower links behind the outside router).
I mainly mention it to indicate the scale of the problem. There are many of those scanning systems now: some claim to be for "research", some are more plainly indicating it is to collect attack surface information, some are just trying what ports are open, others are trying to log in using default passwords, etc., and aside from the more organized scanning networks there are the individuals that have a go at it themselves.
The result is log messages like the above. And other issues, like very large connection tables.
Personally I do not have pptp service, but if I needed to have it I would try to set up a list of authorized source addresses and just drop everything outside of that, to reduce the number of doorbell ringings.