Re: Brute Force Attack

From: cisco (cisco_app@hotmail.com)
Date: 10/21/02 

From: cisco_app@hotmail.com (cisco)
Date: 21 Oct 2002 12:15:48 -0700

Well the box that SQL Server is on also has the web server running. I
would block all ports except port 80 to the box but some people are
going to be adding data to sql server directly. Hopefully, we get a
firewall soon.
I will look into some of the windows settings byron mentioned in the
previous post.

thanks

Neil Pike <neilpike@compuserve.com> wrote in message news:<VA.00005e60.0cdef8fc@compuserve.com>...
> Francisco,
>
> Why do you need a SQL Server box to be directly internet accessible? No,
> there is no SQL Server mechanism to stop or slow down these attacks - you must
> use a firewall and/or o/s level filtering to stop it.
>
> > Well i keep on getting sa login attempts from a particular ip address
> >
> > a couple of HUNDRED of these.. well more like thousands of tries
> > TCP server:ms-sql-s svcr-216-37-230-161.dsl.svcr.epix.net:1036
> > TIME_WAIT
> >
> > Is there anyway i can block this guy from trying? Or atleast when he tries
> > more than 5 times in a row that ip address can't try another password for
> > sa? I tried to see if there was a disable sa acct but nothing.
> >
> > any suggestions with this would be great. This guy floods me with requests
> > and i would just like to block him. I changed the sa to a huge random
> > character password.
> >
> > How about a setting like IIS? To enable/disbale IP access from a particular
> > box or enable for specific ip addresses?
>
> Neil Pike MVP/MCSE. Protech Computing Ltd
> Reply here - no email
> SQL FAQ (484 entries) see
> http://forumsb.compuserve.com/gvforums/UK/default.asp?SRV=MSDevApps
> (faqxxx.zip in lib 7)
> or www.ntfaq.com/Articles/Index.cfm?DepartmentID=800
> or www.sqlserverfaq.com
> or www.mssqlserver.com/faq

Relevant Pages

  • Re: Can SQL be told to stop listening on specific IPs on its computer ?
    ... ports on the firewall or in packet filtering on the OS network control ... >> In terms of the IPs and the web addresses, ... >> and SQL Server installed on the same server? ... >>>to tell SQL server what IPs and ports to listen on. ...
    (microsoft.public.sqlserver.security)
  • Re: Deploying ASP.NET Application
    ... I think this is not about firewall port blocking, ... > SQL Server does not exist or access denied. ... deployed on that server - it has something to do with ports on the firewall ... environment to our production environment. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: SQL Server Specific Windows Firewall Exception
    ... if I've gone into the Surface Area Configuration and enabled remote ... Windows Firewall" articles than I would like. ... several policies to open different ports and/or point at different EXE's ... SQL Server 2005 so that we don't have to add a number of different program ...
    (microsoft.public.sqlserver.connect)
  • Re: SQL Server 2005 Transaction VPN Firewall
    ... den MSDTC habe ich eingerichtet, wenn ich die Firewall alle Ports aufmache, ... Kann man die Verbindung nicht auf einen festen Port legen? ... wie geht das in SQL Server 2005? ... Ports da genutzt werden. ...
    (microsoft.public.de.sqlserver)
  • Re: Securing SBS 2003
    ... to have to except all ports I DO want enabled...which means I've got to find ... > is the hardware firewall, they are very inexpensive for what you are asking ... email and SQL Server databases. ... >> What are the best practices for securing SQL server databases? ...
    (microsoft.public.windows.server.sbs)
Quantcast