Re: SQL Server Security

From: Matt Barton (mattyb77@newsguy.com)
Date: 05/25/02

• Next message: Matt Barton: "Re: Encrypt / Decrypt password?"
• Previous message: Matt Barton: "Re: XML Files"
• In reply to: Lour: "SQL Server Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Matt Barton <mattyb77@newsguy.com>
Date: Fri, 24 May 2002 22:35:51 -0500
To: Lour <mlgdelarosa@yahoo.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 24 May 2002, Lour wrote:

> I ran SQL Server Profiler. From the trace, I found out that there were
> a few times when someone tried logging in as 'sa' (we think it's a
> hacker). Profiler showed the hostname/clientname and the application
> name (Microsoft Windows Script Host).
>
> Is there a way to trace the IP address of these client machines who are
> trying to hack into SQL Server?

This is not necessarily someone trying to crack into SQL Server, as much
as it is a new worm.

        http://www.incidents.org/

There has been a huge increase in scans on port 1433 to which SQL Server
listens.

You should ensure that your SA password is VERY strong (random numbers,
letters, and non-alphanumeric characters). You should also firewall off
port 1433, if possible.

Good luck.

- --

Matt Barton mattyb77@newsguy.com
Indianapolis, IN http://www.mattbarton.ws/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)

iD8DBQE87waa0MGobtNQgm0RAtm/AJwMS6rzJjxzrFrJYRmHHQAPz6dqgQCdHW9c
9i/RS10hDZALYN+4jrq3zpM=
=ZIzw
-----END PGP SIGNATURE-----

---

• Next message: Matt Barton: "Re: Encrypt / Decrypt password?"
• Previous message: Matt Barton: "Re: XML Files"
• In reply to: Lour: "SQL Server Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: SQL Server Profiler ... You can monitor your firewall logs to get the IP addresses. ... >I ran SQL Server Profiler. ... From the trace, I found out ... >machines who are trying to hack into SQL Server? ... (microsoft.public.sqlserver.security) Re: One Web Service updates SQL, another cant? ... section of the Trace Properties dialog. ... And then I start getting the database closed errors on subsequent calls. ... > The error suggests that somehow the connection to SQL Server is being ... Could we have a look at your connection string? ... (microsoft.public.sqlserver.security) SQL Server Profiler ... I ran SQL Server Profiler. ... that there were a few times when someone tried logging in ... Is there a way to trace the IP address of these client ... machines who are trying to hack into SQL Server? ... (microsoft.public.sqlserver.security) RE: cannot delete a record in sql server 2005 through asp program ... Using trace script he provided and trace file created by the script. ... SQL Server database by the asp application. ... Microsoft Online Community Support ... a Microsoft Support Engineer within 2 business day is acceptable. ... (microsoft.public.sqlserver.programming) SQL Server Security ... I ran SQL Server Profiler. ... that there were a few times when someone tried logging in ... Is there a way to trace the IP address of these client ... machines who are trying to hack into SQL Server? ... (microsoft.public.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)