Will failed login attempts cause SQL Server performance issues?


Sean Grebey
I'll be honest, I really know jack about the inner workings of SQL, so any help would be appreciated. Trying to help my boss figure out why we have been having Server Too Busy errors with our website all day. The tech support at our hosting company seems to think it is an issue with too many concurrent connections to the database. I was looking in the log, and saw some thousands and thousands of failed attempts by some IP in Mumbai to log in using our sa account. Could that be causing us any issues?

arnipetursson
How many times a second are the errors?

A high number of login attempts can chew up CPU, but it would have to be very frequent.

Generally, any SQL Server instance running on port 1433 and whose IP is not blocked by a firewall will see sa login attempts, primarily coming from IPs in China.

Sean Grebey
5 to 8 times a second for about 6 hours from the same IP.
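
Added example, not part of the thread: one way to get the "how many times a second" figure straight from the SQL Server error log, per client IP and login. It assumes the usual `Login failed for user '...' ... [CLIENT: ...]` errorlog line layout; the sample lines, the addresses and the `min_peak_per_sec` threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the SQL Server errorlog layout (not data from the thread);
# 203.0.113.7 and 198.51.100.20 are documentation-range addresses.
REASON = "Reason: Password did not match that for the login provided."
SAMPLE_LOG = "\n".join([
    "2012-12-18 10:15:32.10 Logon       Error: 18456, Severity: 14, State: 8.",
    f"2012-12-18 10:15:32.10 Logon       Login failed for user 'sa'. {REASON} [CLIENT: 203.0.113.7]",
    f"2012-12-18 10:15:32.25 Logon       Login failed for user 'sa'. {REASON} [CLIENT: 203.0.113.7]",
    f"2012-12-18 10:15:32.40 Logon       Login failed for user 'sa'. {REASON} [CLIENT: 203.0.113.7]",
    f"2012-12-18 10:15:32.80 Logon       Login failed for user 'sa'. {REASON} [CLIENT: 203.0.113.7]",
    f"2012-12-18 10:15:33.05 Logon       Login failed for user 'sa'. {REASON} [CLIENT: 203.0.113.7]",
    f"2012-12-18 10:15:33.60 Logon       Login failed for user 'sa'. {REASON} [CLIENT: 203.0.113.7]",
    f"2012-12-18 10:17:05.12 Logon       Login failed for user 'dbadmin'. {REASON} [CLIENT: 198.51.100.20]",
])

FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<login>[^']*)'\..*\[CLIENT: (?P<ip>[^\]]+)\]")

def summarize_failed_logins(log_text):
    """Group failed logins by (client IP, login) and measure their rate."""
    buckets = defaultdict(lambda: defaultdict(int))  # key -> second -> count
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:  # 'Error: 18456' header lines and other entries do not match
            second = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            buckets[(m["ip"], m["login"])][second] += 1
    summary = {}
    for key, per_sec in buckets.items():
        total = sum(per_sec.values())
        span = (max(per_sec) - min(per_sec)).total_seconds() + 1  # whole seconds covered
        summary[key] = {"attempts": total, "first": min(per_sec), "last": max(per_sec),
                        "avg_per_sec": total / span, "peak_per_sec": max(per_sec.values())}
    return summary

def noisy_sources(summary, min_peak_per_sec=3):
    """Keys whose busiest second reached the (illustrative) threshold."""
    return sorted(k for k, s in summary.items() if s["peak_per_sec"] >= min_peak_per_sec)

if __name__ == "__main__":
    for key, stats in summarize_failed_logins(SAMPLE_LOG).items():
        print(key, stats["attempts"], round(stats["avg_per_sec"], 2), stats["peak_per_sec"])
```
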

arnipetursson
And is CPU high on the SQL server box?

Is there a particular reason your SQL server is not behind a firewall?

jarid.lawson
As a related question, if the port is set to 1433, should it be changed to prevent this? Is this a typical hacker type of issue?

“Any fool can know. The point is to understand.”
- Albert Einstein

"DOH!"
- Homer Simpson

arnipetursson
As a rule I don't like to run on 1433.

Yes, any scanning tool out there will try to attack 1433 first.
They will try to log in as sa and sometimes other logins such as dbadmin or some such thing.

Also they will throw a malformed packet at the port to see if they get something useful back.

Sean Grebey
arnipetursson (12/18/2012)
And is CPU high on the SQL server box?

Is there a particular reason your SQL server is not behind a firewall?


I'll be honest, I am neither a DBA nor a network guy, and I've only been here a week. So my knowledge of why and how the database and web servers are set up is very limited.

peterdru401
It may be a performance-related issue...
Check your CPU usage and memory usage for the SQL Server.

If it's taking much percentage as expected, you should reorganize the indexes and defragment your SQL database.