Computer Service / Network Integration / Performance Tuning

Home » Windows Server DDOS IP Addresses

Windows Server DDOS IP Addresses

Just as a PSA


I am publishing a more or less complete list of IP addresses I found attempting a Terminal Services access to one of my client’s servers.

This is a remotely hosted Windows 2008 R2 server

It was being slammed by remote access failed logins (one day I documented 40,000 failed logins in a 12 hour period) so I restricted all remote logins to the IP addresses for our registered users.

This is clearly a DDOS attack

On 4 separate occasions over the span of a week, the server locked up and had to be hard booted.

Then I discovered massive numbers of Terminal Services failed logins.  So I restricted Terminal Services logins to ONLY mine and the client’s office IPs.

And just for the heck of it I decided to transcribe all the IP addresses I found trying to access Terminal Services.

I got tired of doing this after about 150 addresses, so I dumped the list into a spreadsheet, sorted by that column and deleted duplicates.  The partial list is below.

My approach to dealing with blocking rogue addresses is simple.

Take one of these IPs, like  I block the entire range of in the firewall rules.  I have found multiple addresses in any given subnet to be attacking the server, so this is the simple approach.

The best approach is to allow access to ONLY your fixed range of addresses used by the client.

This is a LOT less work than trying to block all the rogue IPs on the planet.

Name of author

Name: Wizard

Short Bio: The Computer Wizard (TCW). TCW was founded by Warren P. Harris in 1994 to service and repair computers in the San Francisco Bay Area. Relocating the business to Plano, Texas in 1999, TCW continued to flourish when an unfortunate loss of data for a wedding Mr. Harris photographed, caused him to research data recovery options. Realizing he would have to either pay someone to recover the photos or find out how to do it himself, the rest, as they say "is history". Approached by a friend who was a Private Investigator in 2006, Mr. Harris studied for his Investigator's license and began honing his skills in Computer Forensics. The company was renamed DFW Computer Integration in 2015.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.