Hacker News

vlovich123, today at 4:31 AM (1 reply)

If you think it’s not trivial to get 64k random IP addresses to make requests for you for pennies, you are completely delusional if you think fail2ban protects a random port number in any way.


Replies

i_think_so, today at 8:41 AM

It's not "trivial", and it costs dollars, not pennies, for that many attack endpoints [1]. My firewalls scale much more cost effectively, especially when I coalesce individuals into netblocks.

I don't think fail2ban protects obfuscated ports, I know it. If an IP is trying to connect to a system on port 22, it is ipso facto unwanted and doing unauthorized activities. Plonk! Onto the ban list it goes. You'd be surprised how effective that is.

Once the roar of automated skiddies is silenced, the signal of real attacks cuts through the noise quite clearly.

Remember, to avoid being eaten by most bears, you don't have to outrun them -- you only have to outrun the poor sap next to you. ;-) There is real world value in raising the bar and becoming even a moderately harder target than the rest of the crowd.

Maybe I should spin up a vanilla VM and just let it get hammered for a month and post the logs here....

[1] It's been a while since I looked at prices for tens of thousands of distinct proxy connections. Anyone want to pretend to be a hax0r and get a current price quote?