dfwci.com

Computer Service / Network Integration / Performance Tuning

Home » Windows Server DDOS IP Addresses

Windows Server DDOS IP Addresses

Just as a PSA

DDOS List

I am publishing a more or less complete list of IP addresses I found attempting a Terminal Services access to one of my client’s servers.

This is a remotely hosted Windows 2008 R2 server

It was being slammed by remote access failed logins (one day I documented 40,000 failed logins in a 12 hour period) so I restricted all remote logins to the IP addresses for our registered users.

This is clearly a DDOS attack

On 4 separate occasions over the span of a week, the server locked up and had to be hard booted.

Then I discovered massive numbers of Terminal Services failed logins.  So I restricted Terminal Services logins to ONLY mine and the client’s office IPs.

And just for the heck of it I decided to transcribe all the IP addresses I found trying to access Terminal Services.

I got tired of doing this after about 150 addresses, so I dumped the list into a spreadsheet, sorted by that column and deleted duplicates.  The partial list is below.

My approach to dealing with blocking rogue addresses is simple.

Take one of these IPs, like 104.211.213.102.  I block the entire range of 104.211.213.1-254 in the firewall rules.  I have found multiple addresses in any given subnet to be attacking the server, so this is the simple approach.

The best approach is to allow access to ONLY your fixed range of addresses used by the client.

This is a LOT less work than trying to block all the rogue IPs on the planet.

 

 

104.211.213.102
104.248.156.86
107.170.218.248
109.201.152.19
109.238.46.138
110.77.131.70
117.4.186.79
117.4.32.13
121.7.45.91
139.60.160.198
139.60.160.98
143.208.180.97
148.244.170.211
163.172.107.202
163.172.23.6
169.199.2.57
169.239.84.5
169.255.30.106
171.244.21.171
172.104.24.185
173.12.171.53
173.234.159.196
174.127.112.75
174.128.235.120
174.99.131.47
177.43.223.89
180.210.201.9
181.48.236.75
184.105.139.70
184.105.247.252
184.177.168.34
184.71.2.222
185.107.44.41
185.129.148.214
185.143.223.53
185.143.223.94
185.156.177.52
185.176.27.78
185.181.102.18
185.209.0.4
185.209.0.41
185.220.70.150
185.234.216.23
185.81.128.113
186.103.198.125
188.277.46.94
190.171.114.191
190.4.191.150
192.238.46.89
193.169.252.69
193.188.22.17
193.188.22.2
193.188.23.28
193.238.46.106
193.238.46.131
193.238.46.73
194.113.106.231
194.113.106.234
194.28.115.246
195.189.249.123
195.19.10.135
195.206.252.234
198.98.113.2
201.140.158.218
201.16.197.207
203.104.35.160
204.244.86.222
207.194.66.125
207.244.86.222
208.96.137.68
209.165.247.179
210.41.195.1
210.56.9.219
212.214.102.214
212.92.106.176
212.92.111.145
212.92.112.51
212.92.114.98
212.92.115.7
212.92.116.106
212.92.117.1
212.92.117.55
212.92.121.217
212.92.122.126
212.92.123.182
212.92.124.101
212.92.124.191
216.218.206.66
216.218.206.67
216.218.206.69
220.133.14.47
221.214.102.214
221.229.160.224
223.255.139.18
35.241.188.100
37.221.253.42
37.252.14.27
37.252.15.6
37.352.14.27
40.85.242.189
45.227.255.191
45.277.255.96
46.149.84.113
46.161.27.17
46.38.51.34
5.188.206.26
5.236.123.204
5.45.72.49
50.237.6.66
50.246.52.165
52.86.49.80
54.236.214.57
54.69.51.245
59.14.72.235
62.210.38.61
67.115.118.12
67.154.190.139
67.200.158.3
67.8.22.225
68.129.202.154
68.15.137.133
70.89.155.89
71.173.82.129
72.190.93.189
74.82.47.3
74.94.222.171
76.79.155.9
77.243.191.18
77.243.191.19
77.243.191.26
79.129.121.210
81.149.157.107
81.171.98.225
82.202.163.232
82.202.163.236
85.193.223.21
85.259.236.215
89.248.168.162
89.248.168.5
91.212.150.87
92.104.49.79
92.246.76.63
93.157.62.142
93.174.93.2
94.102.49.64
94.102.49.78
94.113.106.169
96.2.145.181
98.159.216.230

Name of author

Name: Wizard

Short Bio: The Computer Wizard (TCW). TCW was founded by Warren P. Harris in 1994 to service and repair computers in the San Francisco Bay Area. Relocating the business to Plano, Texas in 1999, TCW continued to flourish when an unfortunate loss of data for a wedding Mr. Harris photographed, caused him to research data recovery options. Realizing he would have to either pay someone to recover the photos or find out how to do it himself, the rest, as they say "is history". Approached by a friend who was a Private Investigator in 2006, Mr. Harris studied for his Investigator's license and began honing his skills in Computer Forensics. The company was renamed DFW Computer Integration in 2015.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.