Re: Brute Force Attack

From: Neil Pike (neilpike@compuserve.com)
Date: 10/21/02


Date: Mon, 21 Oct 2002 08:41:07 +0100
From: Neil Pike <neilpike@compuserve.com>


 Francisco,
 
 Why do you need a SQL Server box to be directly internet accessible? No,
there is no SQL Server mechanism to stop or slow down these attacks - you must
use a firewall and/or o/s level filtering to stop it.
 
> Well I keep on getting sa login attempts from a particular IP address
>
> a couple of HUNDRED of these.. well more like thousands of tries
> TCP server:ms-sql-s svcr-216-37-230-161.dsl.svcr.epix.net:1036
> TIME_WAIT
>
> Is there any way I can block this guy from trying? Or at least when he tries
> more than 5 times in a row that IP address can't try another password for
> sa? I tried to see if there was a disable sa acct but nothing.
>
> Any suggestions with this would be great. This guy floods me with requests
> and I would just like to block him. I changed the sa to a huge random
> character password.
>
> How about a setting like IIS? To enable/disable IP access from a particular
> box or enable for specific IP addresses?

 Neil Pike MVP/MCSE. Protech Computing Ltd
 Reply here - no email
 SQL FAQ (484 entries) see
 http://forumsb.compuserve.com/gvforums/UK/default.asp?SRV=MSDevApps
 (faqxxx.zip in lib 7)
 or www.ntfaq.com/Articles/Index.cfm?DepartmentID=800
 or www.sqlserverfaq.com
 or www.mssqlserver.com/faq
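
One way to turn the netstat observation in the question into input for the firewall or OS-level filter recommended in the reply. This is an added example, not part of the thread: it counts connections to the SQL Server port per remote host (a proxy for login attempts) and drafts a block rule for hosts over the limit. The sample lines are constructed with documentation-range addresses, and the `netsh advfirewall` rule assumes a current Windows host firewall.

```python
import ipaddress
from collections import Counter

SQL_PORTS = {"1433", "ms-sql-s"}  # netstat shows the service name unless run with -n

# Constructed sample in `netstat -a` layout (documentation-range addresses),
# plus the single connection line quoted in the thread.
SAMPLE = "\n".join(
    ["  TCP    0.0.0.0:1433       0.0.0.0:0            LISTENING"]
    + ["  TCP    192.0.2.10:1433    203.0.113.7:%d     TIME_WAIT" % p
       for p in range(1030, 1037)]
    + ["  TCP    192.0.2.10:1433    198.51.100.20:4100   ESTABLISHED",
       "  TCP    192.0.2.10:1433    198.51.100.20:4101   TIME_WAIT",
       "  TCP    192.0.2.10:80      203.0.113.7:2000     ESTABLISHED",
       "  TCP    server:ms-sql-s    svcr-216-37-230-161.dsl.svcr.epix.net:1036"
       "    TIME_WAIT"]
)

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon so bracketed IPv6 hosts survive."""
    host, _, port = endpoint.rpartition(":")
    return host, port

def sql_peers(netstat_text):
    """Count connections per remote host that target the local SQL Server port."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].upper() != "TCP" or fields[3] == "LISTENING":
            continue
        _, local_port = split_endpoint(fields[1])
        remote_host, _ = split_endpoint(fields[2])
        if local_port.lower() in SQL_PORTS:
            counts[remote_host] += 1
    return counts

def offenders(counts, threshold=5):
    """Hosts with more than `threshold` connections (the poster's '5 in a row')."""
    return sorted(host for host, n in counts.items() if n > threshold)

def block_rule(host):
    """Return a Windows Firewall block rule for a numeric address, else None."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # resolved name: rerun netstat with -n to get the address
    return ('netsh advfirewall firewall add rule name="block-sql-%s" dir=in '
            "action=block protocol=TCP localport=1433 remoteip=%s" % (ip, ip))

if __name__ == "__main__":
    for host in offenders(sql_peers(SAMPLE)):
        print(host, block_rule(host))
```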