The logging I put in place is for a two criteria auto-blacklist:
1) Too many IPs on a single worker.
2) Too many requests with too few shares returned.
Do you mean to many IPs at the same time, or to many IPs over a period of time?
Over a reasonable period of time. Dynamic IP users won't need to fear the auto ban.