
Quoting James Harper (james.harper@bendigoit.com.au):
Yes that was my reason for blocking too... too much noise in the logs makes log analysis difficult. For the same reason I've changed ports in a lot of cases too - now when I see traffic it's probably worth following up.
Personally, I regard that as solving the wrong problem. Instead, I tweak logfile analysis to ignore basically meaningless so-called 'attacks' (net.randoms' doorknob-twisting of the sshd, etc.). (Noise in your logs? Of course there's noise in your logs. It's the Internet, after all. If the 'flooding' bothers you, don't look at it.) Automated iptables blacklists are mostly just a clever way to DoS yourself, in my experience, and add to system complexity and impair the goal of deterministic behaviour without any benefit worth having. Your Mileage May Differ[tm].
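
The following is an added example, not part of the original message or of any tool named in the thread: a sketch of the log-analysis approach described above, where sshd probe lines are dropped from the review output instead of being fed to a blacklist. It goes one step further than the message by marking a successful login from a source that was previously probing. The OpenSSH message wording, the `review` function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Unauthenticated sshd probe messages treated as noise (OpenSSH wording assumed).
NOISE = re.compile(
    r"sshd\[\d+\]: (?:"
    r"Failed password for (?:invalid user )?\S+ from (?P<ip1>\S+)"
    r"|Invalid user \S+ from (?P<ip2>\S+)"
    r"|Connection closed by (?:authenticating|invalid) user \S+ (?P<ip3>\S+)"
    r" port \d+ \[preauth\]"
    r")"
)
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for \S+ from (?P<ip>\S+)")

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE = [
    "Mar  3 04:11:02 host sshd[2101]: Invalid user admin from 203.0.113.7 port 40022",
    "Mar  3 04:11:04 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2",
    "Mar  3 04:11:09 host sshd[2104]: Failed password for root from 198.51.100.23 port 51514 ssh2",
    "Mar  3 04:12:40 host sshd[2110]: Failed password for deploy from 198.51.100.23 port 51620 ssh2",
    "Mar  3 04:12:44 host sshd[2110]: Accepted password for deploy from 198.51.100.23 port 51620 ssh2",
    "Mar  3 08:30:15 host sshd[2290]: Accepted publickey for alice from 192.0.2.10 port 60100 ssh2",
    "Mar  3 08:31:00 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update",
]

def review(lines):
    """Return (lines worth reading, per-source count of suppressed probes)."""
    probes = Counter()
    keep = []
    for line in lines:
        m = NOISE.search(line)
        if m:
            # Count the probe by source address, then drop it from the output.
            probes[m.group("ip1") or m.group("ip2") or m.group("ip3")] += 1
            continue
        a = ACCEPTED.search(line)
        if a and probes[a.group("ip")]:
            # A login that follows probing from the same source is not noise.
            line += f"  <-- login after {probes[a.group('ip')]} failed probes"
        keep.append(line)
    return keep, probes

if __name__ == "__main__":
    kept, suppressed = review(SAMPLE)
    print("\n".join(kept))
    print(f"suppressed {sum(suppressed.values())} probe lines from {len(suppressed)} sources")
```

Nothing here touches the firewall, so a mismatch in the patterns can only change what the report shows, never who can connect.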