Hacker attempt

  • Someone is trying to hack my database server trying to access my sa account remotely: there are tens of thousands of attempts every day (never less than 50,000 attempts/day), always from a single IP (one different IP each day), and this person is hiding using proxy servers.

    Is there any way to block any attempt from accessing my SQL box from a specific IP after 3 failed logins?

  • I guess that's more of a firewall issue. You should team up with your network admin. Maybe you'll find additional information here

    http://www.sqlsecurity.com

    --
    Frank Kalis
    Microsoft SQL Server MVP
    Webmaster: http://www.insidesql.org/blogs
    My blog: http://www.insidesql.org/blogs/frankkalis/

  • I agree with Frank. Try getting together with the network admin folks and try to block the attempts with the firewall.

    Randy Dyess

    http://www.Database-Security.Info

  • I also agree with the others, but to answer your question: No, it is not possible to block an IP after failed logins. It is actually not possible to use any kind of password and login policies at all in SQL Server (will be in Yukon as I understand it). If they are changing IP all the time it might be difficult to block them, but why not go the other way? Is there any reason that your SQL box should be directly connected to the internet? I would assume there is one or maybe a couple of IP-addresses that should have access to it, so just block all other external IPs in your firewall. Remember to block both ports 1433 (or which port you are using for your server) and 1434 (the listening port). Actually, you should probably block all ports from external access except for specific IPs you know.

  • 100% with Chris here

    Don't permit access to the SQL Server box directly!

    And on the app side you can control how many attempts are permitted after "n" failures and for how long to deny access to that account.


    * Noel
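Since SQL Server itself (at that time) could not lock out a source address, the practical route the replies point to is to watch the error log for failed logins and hand the offending client IPs to the firewall. The script below is an added example, not code from any poster: it counts "Login failed" entries per client IP inside a sliding time window and reports the IPs that reach the threshold. The sample log lines are constructed, and the "[CLIENT: ip]" suffix in the log format is an assumption (it appears in SQL Server 2005 and later error logs).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the shape of SQL Server ERRORLOG entries.
# Assumption: each entry carries a "[CLIENT: ip]" suffix (SQL Server 2005+).
SAMPLE_LOG = """\
2004-05-12 10:15:03.21 Logon  Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2004-05-12 10:15:03.45 Logon  Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2004-05-12 10:15:04.02 Logon  Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2004-05-12 10:15:04.60 Logon  Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2004-05-12 10:20:00.00 Logon  Login failed for user 'appuser'. [CLIENT: 198.51.100.9]
2004-05-12 11:00:00.00 Logon  Login failed for user 'appuser'. [CLIENT: 198.51.100.9]
2004-05-12 11:00:01.00 Logon  Login failed for user 'appuser'. [CLIENT: 198.51.100.9]
2004-05-12 11:00:05.00 Logon  Login succeeded for user 'appuser'. [CLIENT: 192.0.2.5]
"""

# Matches only failed logins; the timestamp's fractional seconds are dropped.
FAILED_LOGIN = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\..*\[CLIENT: (?P<ip>[0-9a-fA-F.:]+)\]"
)


def find_offending_ips(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return {ip: timestamp} for every client IP that accumulates `threshold`
    failed logins within any sliding `window`; the timestamp is the moment the
    threshold was first reached (when a firewall block should be raised)."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED_LOGIN.match(line)
        if not m:
            continue              # successful logins and unrelated lines are ignored
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        ip = m.group("ip")
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # expire failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


if __name__ == "__main__":
    for ip, when in find_offending_ips(SAMPLE_LOG).items():
        print(f"{ip}: {when} - add a firewall deny rule for this address")
```

With the sample data only 203.0.113.7 is reported: 198.51.100.9 also fails three times, but its first failure falls outside the five-minute window, which is the kind of slow retry a per-day counter would also miss but a short window deliberately tolerates.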
