June 10, 2013 at 8:48 am
I get this error in the event log for MS SQL 2008 SP1:
SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure. [CLIENT: 14.200.19.3]. I have received this error 32 times in the last 24 hours. The Client IP address changes, but they all seem to be from India when I look it up. There's no way that there anyone valid from India who is trying to log in.
How can I prevent these attacks? They don't get in, I want it to be rejected before it even gets to my server.
June 10, 2013 at 8:49 am
Sorry, this is SP2, not SP1.
June 10, 2013 at 9:03 am
Err...you close off your SQL Server from the outside world at the network level.
It's dangerous to have your SQL Server instance exposed to the internet without any inbound IP restrictions, it's not really designed for that level of security hardening. Most people would either not expose it at all and only allow access via LAN/WAN (via VPN), or severely lock down inbound IPs at the firewall to known addresses.
Where is your user base? Are they accessing the instance from a remote location? Is their IP range known?
June 10, 2013 at 10:30 am
Thank you Ten Centuries. I know this must seem like a really basic answer! I didn't have windows firewall on because I had removed WebRoot in order to upgrade it. Now WIndows Firewall is back up and I have not had anymore hackers trying to get into SQL Server. Thank you! :w00t:
Viewing 4 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply