If you run a fake host (honeypot) to waste their resources, won’t they run a fake attack to waste your resources? Unless it is a substantial asset, all a honeypot will do is detect a honeypot detector?
When the attack comes from dhcp-XX-XX-XX-XX.rotation5.pool7.isptelecoms.co.abc, you can now determine to block all further attacks from that IP address, but to what positive effect? The next probe will come from
somewhere else and just skip over your detector?
The point of honeypots is not to block malicious IPs, but to become aware of places in your security concept where more hardening is needed, be it exploits, misconfigured firewalls, etc.
That can be a lot of things, blocking IP ranges can be one of those things if you e.g. only want to allow access to your assets from your building, but that's a general step and not reactionary to attacks.
When the attack comes from dhcp-XX-XX-XX-XX.rotation5.pool7.isptelecoms.co.abc, you can now determine to block all further attacks from that IP address, but to what positive effect? The next probe will come from somewhere else and just skip over your detector?