Re: SQL Server 2000 behind ZoneAlarm Pro 4

From: Duane Arnold (notme_at_notme.com)
Date: 10/15/03 

Date: Wed, 15 Oct 2003 11:27:58 GMT

"Fox" <fox @ connexions .net> wrote in
news:zn3jb.20720$Ks5.3071@nwrddc02.gnilink.net:

> I am getting over 50 hits per second that are trying to get into the
> SA account.
> Although they cannot get in, it is using too much of my reources and
> it is creating a log file which is not manageable. I need to refer to
> the log file now for some work I am doing. But it is impossible.
>
> I tried creating Expert Rules for SQLSERVER but the hits keep showing
> up in the log. I must be missing something. Can anyone tell me how to
> stop these hits from making it to the SQL log ? I never created Expert
> Rules before and I really do not know what to block or change
> regarding SQL. I tried only allowing Trusted to Tursted. I tried only
> allowing the machine address. Nothing had any effect at all. Any ideas
> would be very welcome. If possible, I want to make it that the only
> way to access SQL is to go through the web sites which have pages
> which access it.
>
> Thanks,
> Fox
>
>

You don't want a machine that is running SQL Server with a host based FW
directly connected to the Internet like that. When a machine that has DOS
attacks like that against it with it being directly connected to the
Internet, the O/S on the machine and the host based FW have to use
resources slowing the machine down in doing other things. So no matter
what kind of a FW rule you have created to stop it, the O/S and the FW on
the machine must deal with it.

To stop this kind of an attack, one must get behind the protection of a
NAT router and let the router stop the unsolicited inbound traffic/attack
at the router level. This will free the machine from having to deal with
the attacks, using its resources to stop the attacks. Keep ZA on the
machine to backup the router and protect on the outbound from the
machine.

You can get a NAT router cheap now of days.

Duane :)

Relevant Pages

  • Re: PerfMon recording to SQL 2005
    ... I've been out of the SQL world for a couple years so dusting ... A System DSN, specifying windows authentication, and change to an ... Configuring the log file, choose the tested DSN as the System DSN ... The user account I created in SQL is an owner of the ...
    (microsoft.public.sqlserver.server)
  • Re: PerfMon recording to SQL 2005
    ... I've been out of the SQL world for a couple years so dusting off ... A System DSN, specifying windows authentication, and change to an existing ... Configuring the log file, choose the tested DSN as the System DSN ... The user account I created in SQL is an owner of the ...
    (microsoft.public.sqlserver.server)
  • Re: recover mode and the transaction log file question
    ... Andrew J. Kelly SQL MVP ... "Dan Guzman" wrote in message ... > changing the recovery model to FULL. ... >> I have setup the log file to not grow at all. ...
    (microsoft.public.sqlserver.programming)
  • Re: Security Update for SQL Server 2005 Service Pack 2 (KB948109)
    ... through the latest log file Summary.txt under the directory C:\Program ... SQL Express Features: ... that the account and domain running SQL Server Setup exist, ... have the administrator permissions required to rename a file: C: ...
    (microsoft.public.windowsupdate)
  • Re: Transaction Log ENORMOUS!! Help
    ... Actually that will issue the DBCC SHRINK DATABASE which does not allow you ... to control which amount of the data or log file is shrunk. ... If you use Shrinkfile you only work on a single file ... Andrew J. Kelly SQL MVP ...
    (microsoft.public.sqlserver.server)
Quantcast