I take a rather simpler approach.  Whenever these pop-up on the EMPIRE game machine.  I add the first three IP octets into the INETDSEC telnet and ftp deny portion of the file (nnn.nnn.nnn.* \).  I understand this may exclude entire small (and rather innocent) internet providers, but I think  that's a small price to be paid for hosting a hacker.

If attempts on the first three octets grouped together start to get closely related to the first two.  I'll even start blocking the first two octets (nnn.nnn.*.* \).  I haven't had to block an entire first octet yet.

I understand this is just an old fashioned block list.  But in the interest of keeping the Empire game open to as many as I can, this is  probably the best I can do.

P.S. If anyone is interested, Empire can be played at 198.212.189.111, web site at same hardcoded IP address.  The game has been available (in one form or another for about 12 years.  Typical welcome message below:

+-------------------------------------------------+
| EMPIRE1 started 03 MAR 2012 expires 11 APR 2012 |
| EMPIRE2 started 28 JAN 2012 expires 18 MAR 2012 |
| EMPIRE3 started 24 DEC 2011 expires 02 APR 2012 |
| EMPIRE4 started 28 JAN 2012 expires 01 JUN 2012 |                                                                       
| EMPIRE5 started 13 FEB 2011 expires 13 FEB 2012 |
+-------------------------------------------------+
-- MILL BORNES REQUIRES AN HP TERMINAL EMULATOR --


Tracy Johnson
Office (757) 766-4318
[log in to unmask]

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *