On Tue, Nov 12, 2013 at 10:03 PM, William Herrin <b...@herrin.us> wrote: >> Now it would be trivial to setup syslog and sshd to give only the sessions >> that complete the handshake, however I'm also not sure how responsive some >> of the abuse contacts may be. I'll keep my restrictive network settings for >> the time being. > > That's the main problem: you can generate the report but if it's about > some doofus in Dubai what are the odds of it doing any good?
And then we're right back to sending the offending packets to a black hole. *sigh*
