I need the IP from these domain subdomain

rizarobbi · December 13, 2023, 9:01am

Hello everybody
Is there a best practice made of separating download lines for Windows updates with mangle? The goal is to separate queue speed-update OS Windows

I’m confused on the address list, because there are a lot of domains like the bottom that get the IP from that domain.

http://windowsupdate.microsoft.com
HTTP /. Windowsupdate. Microsoft
https://. Windowsupdate.microsoft
HTTP://.Updates.Microsoft
https://.Updating.Microsoft
Http/ .Windowsupdate.com
http://download.windowsupdate.com
http://download.microsoft.com
HTTP://.Download.Windowsupdate.com
http://wustat.windows.com
http://ntservicepack.microsoft.com
https://*.Ga.Microsoft

Does anyone have any experience with the case?

thankyou

LdB · December 15, 2023, 2:01am

Windows will randomly change the IP and domains anyhow to stop hackers trying to pretend to be a windows update.

Can I suggest a different tack Windows Update uses TCP port 80, 443 to setup a random port 49152-65535 for the stream.

Why don’t you first try marking that traffic and see what is in there

/ip firewall mangle add chain=prerouting protocol=tcp dst-port=49152-65535 action=mark-packet new-pac
ket-mark=possible-win-update passthrough=yes

If that captures the traffic you want then apply a queue using the mark