If the server manager already installed a firewall and some other defense software, there is not much else you can do than wait and see if these are enough to protect you against new attacks.
Normally attacks with IP spoofing use random IP addresses. Most of the active IP addresses are used by surfers not by data centers. With all IPs resolving to data centers, it seems unlikely to me that they were randomly assigned spoofed IPs. I would rather suspect that these are hacked servers, or maybe these servers are anonymous proxy servers.
In both cases (hacked servers or anonymous proxies) I would block these IPs if they were attacking my server. No need to grant them access to your server and the changes that they are used by legitimate visitors of your site is not so large.