[Info-vax] Intrusion detection finding internet busybodies

plugh jchimene at gmail.com
Sun Apr 16 18:06:38 EDT 2023


On another host intrusion detection point that's related to this post about generating an Audit journal report.

After looking at OSSEC reports, which incorporate Audit logs from Arne's earlier post, I started noticing sequences of IPv4 addresses hammering on the system... well, they get to hammer once.

These IP address banks cost real money, so I figured I'd look into one via whois. It's named "Shadow Server Foundation".

Those of you running production servers: how do you deal with these ass-hats? I'm sure these aren't the only wankers running security snake oil schemes. I wrote a *nice* email asking them to stay off my damn servers. Besides a LOIC, I'm looking for ideas.


