keyplyr - 8:40 am on Feb 26, 2013 (gmt 0)
Thanks Don, didn't have either of those two.
Looking back at IP block list, it seems that for the first 10 years or so I would only block the offending range (sometimes just that specific IP address) and not investigate other IP ranges registered to that agent, usually a host, colo or data center.
It is likely due to discussions here at WW that a few years ago I changed my approach and started adding all that fit the criteria, whether or not they ever hit my servers (yet.)
I now feel it is a wiser path to be proactive. Thanks for everyone contributing.