Log IPs
-
How would one make SQL SERVER Log the IP on a failed login attempt ?
In profiler all i see is 'SERVER' as the host and since there is no 'SERVER' in my network I am not able to block this hackers IP.
Netstat is not good because i can't pick out the right IP.
Errorlog says "sa password failed" but doesn't tell me the hacker's IP
-
This was removed by the editor as SPAM
-
IP is not something that is SQLs responsibility, it's done by the OS so you can either monitor there, or check your firewall logs.
You _do_ have a firewall right?
Another thing to point out is that you should disable SQL Authentication and thereby avoid the whole problem of people sneaking in through 'sa'.
-
Disabling SQL Authentication isn't always an option.
I agree that a firewall or some sort of IP monitoring/blocking, preferably in front of the SQL server is the best approach.
-- J.T.
"I may not always know what I'm talking about, and you may not either."
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply