i got hit a few times from 126.96.36.199
so i do a whois and find out more korea fun.
i then look at my iptables entries for korea.
i have the following:
(root on firstname.lastname@example.org) (/etc/sysconfig)
> iptables -nvL | grep 211 | grep 104
0 0 DROP all -- * * 188.8.131.52/13 0.0.0.0/0
now a 184.108.40.206/13 will kill all up to 220.127.116.11
so 211.108 should easily be in that range.
so HOW did i get any attacks at all?