So I have a network node with web and mail servers as well as a local area router on a topology consisting of both static and dynamic public and private facing IP addresses.
Throughout the day my intranet, web and email domains are barraged with a variety of never-ending exploits from both residential and business addresses which I diligently seek out and firewall immediately.
It is tiresome to be continually looking for these network users of various businesses as well as little hacker dudes (and possibly dudettes) who think it's amusing to try and hack the resources of another — particularly when it is my resources they attempt to breach.
So, harsh activity requires a harsher response and that is me.
When I encounter any manner of exploit I will firewall the entire subnet from my networks. This is dependent on the type and character of attack. Some exploit attempts are trivial. Others are much more sophisticated.
Everybody gets firewalled at the expense of others on the same subnet who cohabitate well with others on the net.
It's really old but I have no intention of stopping this policy. It seems that such exploits have been on the increase lately. Whereas after my daily log review I was once concerned with checking and dealing with exploits once or twice a week, now exploits pop up daily.
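
One way to turn a daily log review into subnet-wide blocks is sketched below. This is an added example, not the author's own tooling. It assumes a /24 subnet size, a log format with `src=` and `class=` fields, an own-network allowlist, and an nftables table `inet filter` with chain `input`, none of which the post specifies.

```python
import ipaddress
import re

# Constructed sample log (not from the post); RFC 5737 documentation addresses.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z web probe src=203.0.113.45 class=trivial
2024-05-01T10:00:09Z mail auth-bruteforce src=198.51.100.7 class=sophisticated
2024-05-01T10:01:12Z web probe src=198.51.100.99 class=trivial
2024-05-01T10:03:00Z web probe src=192.0.2.10 class=trivial
2024-05-01T10:04:00Z web garbage src=not-an-ip class=trivial
"""

OWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]  # assumed: never block these
SUBNET_PREFIX = 24  # assumed subnet size; the post does not state one
LINE_RE = re.compile(r"src=(\S+)\s+class=(\w+)")


def block_targets(log_text):
    """Return the sorted, de-duplicated networks to firewall."""
    targets = set()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.IPv4Address(m.group(1))
        except ValueError:
            continue  # malformed source field: skip rather than guess
        # Assumed policy: sophisticated attempts block the whole subnet,
        # trivial ones only the single host.
        prefix = SUBNET_PREFIX if m.group(2) == "sophisticated" else 32
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        if any(net.overlaps(own) for own in OWN_NETWORKS):
            continue  # avoid locking out your own address space
        targets.add(net)
    # A host entry already covered by a blocked subnet is folded into it.
    return list(ipaddress.collapse_addresses(targets))


def nft_rules(networks):
    """Render one drop rule per network for the assumed table and chain."""
    return [f"add rule inet filter input ip saddr {n} drop" for n in networks]


if __name__ == "__main__":
    print("\n".join(nft_rules(block_targets(SAMPLE_LOG))))
```

The allowlist check is what keeps a spoofed or misparsed source address from turning into a rule that cuts off your own servers.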