Serge de Souza wrote:
Gerry Doris wrote: > I had so many problems with the 218.0.0.0/24 domain that I totally
blocked the entire domain. I believe this domain is in Korea.
How did you figure that one out ???
whois 218.214.0.0
[Querying whois.apnic.net] [whois.apnic.net] % [whois.apnic.net node-2] % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 218.214.0.0 - 218.214.255.255
netname: SWIFTEL
descr: Swiftel Communications, Telecommunications Carrier Service Provider, Perth, WA
country: AU
^^^^^
Your method is obviously flawed ...
218.0.0.0/24 does not include 218.214.0.0, and 218.0.0.0/24 is owned by various businesses in China.
The original message for this thread said the attack came from 218.232.109.187, which IS owned by Korea:
IPv4 Address : 218.232.109.0-218.232.109.255
Network Name : HANANET-INFRA
Connect ISP Name : HANANET
Org Name : Hanaro Telecom Inc. State : SEOUL
Country : KOREA-KR
So, I would block the entire range of IP addresses (218.232.109.0/24)