They are scanning my server, what should I do?


gioeleb
07-22-2005, 12:30 AM
I found many
[font=monospace]
Did not receive identification string from ::ffff:62.2.78.25
Did not receive identification string from ::ffff:218.38.14.208
[/font]
in my logs. This is a clear sign of a port/SSH scan.

What should I do?
Is reporting the abuse to the competent address enough?
Is blocking all the connections with IPTables the correct thing to do?
Will the future network monitor that matta announced intercept these scans and block them?

xiongy
07-22-2005, 01:24 AM
You do have a firewall, right?

[QUOTE=gioeleb]I found many
[font=monospace]
Did not receive identification string from ::ffff:62.2.78.25
Did not receive identification string from ::ffff:218.38.14.208
[/font]
in my logs. This is a clear sign of a port/SSH scan.

What should I do?
Is reporting the abuse to the competent address enough?
Is blocking all the connections with IPTables the correct thing to do?
Will the future network monitor that matta announced intercept these scans and block them?[/QUOTE]

gioeleb
07-22-2005, 11:10 AM
[QUOTE=xiongy]You do have a firewall, right?[/QUOTE]
My IPTables rules do not close port 22 because I need it.
Are there IPTables rules to block connections that don't look like real connection attempts?

Anyway, what I fear is that these guys are storing the fact that my host has ssh open. The day a new exploit comes out, they will target my host and break into it in the blink of an eye.
Banning the IP is not really effective. Probably they have dummy hosts doing scans and other different boxes to launch attacks.
Effective countermeasures?
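As an added example (not code from anyone in the thread), here is a small defender-side script that counts the "Did not receive identification string" events quoted above per source, folds the IPv4-mapped `::ffff:` spelling back to plain IPv4 so one scanner is not counted twice, and renders port-22-only iptables rules for review. The log lines are constructed for the example (the two addresses from the post plus a made-up repeat and a made-up plain-IPv4 source).

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed sample sshd log lines in the format quoted in the thread.
SAMPLE_LOG = """\
Jul 21 23:58:01 host sshd[4021]: Did not receive identification string from ::ffff:62.2.78.25
Jul 21 23:58:04 host sshd[4022]: Did not receive identification string from ::ffff:218.38.14.208
Jul 21 23:59:10 host sshd[4031]: Did not receive identification string from ::ffff:62.2.78.25
Jul 22 00:01:33 host sshd[4040]: Accepted publickey for admin from 10.0.0.5 port 50122 ssh2
Jul 22 00:02:17 host sshd[4045]: Did not receive identification string from ::ffff:62.2.78.25
Jul 22 00:03:00 host sshd[4050]: Did not receive identification string from 192.0.2.77
"""

NO_IDENT = re.compile(r"Did not receive identification string from (\S+)")

def normalize(addr: str) -> str:
    """Map an IPv4-mapped IPv6 address (::ffff:a.b.c.d) back to plain IPv4
    so the same source is not split across two spellings."""
    ip = ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return str(ip.ipv4_mapped)
    return str(ip)

def count_scanners(log_text: str) -> Counter:
    """Count 'no identification string' events per normalised source."""
    hits = Counter()
    for line in log_text.splitlines():
        m = NO_IDENT.search(line)
        if m:
            hits[normalize(m.group(1))] += 1
    return hits

def repeat_offenders(log_text: str, threshold: int = 3) -> list:
    """Sources at or above the threshold, most active first; these are the
    candidates for a temporary block or an abuse report, not an auto-ban."""
    hits = count_scanners(log_text)
    return sorted((ip for ip, n in hits.items() if n >= threshold),
                  key=lambda ip: -hits[ip])

def drop_rules(ips) -> list:
    """Render iptables rules that drop only SSH (port 22) from each source,
    as text to review before applying."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP" for ip in ips]

if __name__ == "__main__":
    for ip, n in count_scanners(SAMPLE_LOG).most_common():
        print(f"{ip:16} {n}")
    print("\n".join(drop_rules(repeat_offenders(SAMPLE_LOG))))
```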

xiongy
07-22-2005, 01:08 PM
I installed knockd, just specifically to defeat port scans.
To the outside world, I only have port 80 open.
To guys that know the knock sequence, port 22 is also open.

See my post (http://unixshell.com/forum/showthread.php?p=1791#post1791) .