i got hit a few times from 220.127.116.11
so i do a whois and find out more korea fun.
i then look at my iptables entries for korea.
i have the following:
(root on email@example.com) (/etc/sysconfig)
> iptables -nvL | grep 211 | grep 104
0 0 DROP all -- * * 18.104.22.168/13 0.0.0.0/0
now a 22.214.171.124/13 will kill all up to 126.96.36.199
so 211.108 should easily be in that range.
so HOW did i get any attacks at all?