Subject: Re: Correct way to block web bots and other unwanted traffic?
To: Michael Gorsuch <mgorsuch@fogcreek.com>
From: Brian McEwen <bmcewen@comcast.net>
List: netbsd-help
Date: 12/05/2006 19:12:42

On Dec 5, 2006, at 3:37 PM, Michael Gorsuch wrote:

> I like the idea of dynamically blocking the single IP for a period  
> of time.
>
> I generally think blocking an entire network is a *bad thing*,  
> considering that any number of potential 'good' users could be on  
> that as well.

I was recently traveling in S America, and was unable to get to my
server for a while as I had moved into an area for which I had
manually blocked the whole /16. grumble.

I am revisiting the idea of setting up the denyhosts or other script  
with an auto timeout, so I'd block just bad IPs, and even then have a  
time limit (weeks/month/whatever) before allowing at least a few  
connections again.

Brian
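
A sketch of the per-address block with an automatic timeout discussed in this message, added here as an example; it is not code from the thread or from denyhosts. The log format, the thresholds and the names `TimedBlocklist` and `feed` are assumptions, and the sample log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in a simplified, assumed format (documentation-range IPs).
SAMPLE_LOG = """\
2006-12-05T19:00:01 sshd[411]: Failed password for root from 203.0.113.7 port 4022 ssh2
2006-12-05T19:00:03 sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 4023 ssh2
2006-12-05T19:00:05 sshd[411]: Failed password for root from 203.0.113.7 port 4024 ssh2
2006-12-05T19:00:09 sshd[412]: Failed password for brian from 198.51.100.20 port 5121 ssh2
2006-12-05T19:00:30 sshd[413]: Accepted publickey for brian from 198.51.100.20 port 5122 ssh2
"""

FAILED = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")

class TimedBlocklist:
    """Bans single addresses (never whole networks) and forgets them after ban_for."""
    def __init__(self, max_failures=3, window=timedelta(minutes=10), ban_for=timedelta(weeks=2)):
        self.max_failures, self.window, self.ban_for = max_failures, window, ban_for
        self.failures = {}   # ip -> timestamps of recent failures
        self.banned = {}     # ip -> time at which the ban expires

    def record_failure(self, ip, when):
        # Keep only failures inside the sliding window, then add this one.
        recent = [t for t in self.failures.get(ip, []) if when - t <= self.window]
        recent.append(when)
        self.failures[ip] = recent
        if len(recent) >= self.max_failures:
            self.banned[ip] = when + self.ban_for
            self.failures.pop(ip)

    def is_blocked(self, ip, now):
        expires = self.banned.get(ip)
        if expires is not None and now >= expires:
            del self.banned[ip]      # ban timed out: allow connections again
            expires = None
        return expires is not None

def feed(blocklist, log_text):
    """Record every failed-login line of log_text in blocklist and return it."""
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            blocklist.record_failure(m.group(2), datetime.fromisoformat(m.group(1)))
    return blocklist

if __name__ == "__main__":
    bl = feed(TimedBlocklist(), SAMPLE_LOG)
    now = datetime(2006, 12, 5, 19, 5)
    for ip in ("203.0.113.7", "203.0.113.8", "198.51.100.20"):
        print(ip, "blocked" if bl.is_blocked(ip, now) else "allowed")
```

The neighbouring address 203.0.113.8 stays reachable because only the offending address is banned, and the ban on 203.0.113.7 lapses on its own once `ban_for` has passed.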