100 TIME_WAIT Connections to 1433 (sqlserver) port from one remote IP

Question

What to do? Block that IP in firewall? What is this?

Answer 1

Probably a bot/virus/zombie/what-ever trying to brute-force guess a login for a SQL server, and perhaps not handshaking or disconnecting after a failed attempt properly.

If you have no need for external connections to any SQL servers on yuor network then block port 1433 from everywhere. In fact, best practise is to block everything and only allow the specific things that you do need incoming.

If you do need external connections to a SQL server, then I suggest you try some form of VPN or other secure tunnelling arrangement instead of having the port open to the unforgiving outside world, even if IP filtered.