i got hit a few times from 184.108.40.206
so i do a whois and find out more korea fun.
i then look at my iptables entries for korea.
i have the following:
(root on email@example.com) (/etc/sysconfig)
> iptables -nvL | grep 211 | grep 104
0 0 DROP all -- * * 220.127.116.11/13 0.0.0.0/0
now a 18.104.22.168/13 will kill all up to 22.214.171.124
so 211.108 should easily be in that range.
so HOW did i get any attacks at all?