Re: Ipsec & SQL Server

From: Mark J. McGinty (mmcginty_at_spamfromyou.com)
Date: 05/21/05

  • Next message: Mike St.Onge: "SQL Service Accounts" 
    Date: Sat, 21 May 2005 00:15:49 -0700

    "msn@jrbrady.com" <msnjrbradycom@discussions.microsoft.com> wrote in message
    news:8667F548-DA4B-40FA-B609-9B69A6F5A985@microsoft.com...
    > I, too, am coming under constant attack from hackers attempting to use
    > brute
    > force techniques to log into my SQl Server.
    >
    > A significant number of these attacks seem to be coming from APNIC:
    > specificially, IP addresses in the range 210.0.0.0 to 211.255.255.255.
    > Also,
    > I get 50 or so SQL Slammer Worm propagation attempts a week, most of these
    > coming from IP addresses beginnign with 61 and 68 (also APNIC, BTW).
    >
    > My question is how, exactly, using IPSEC, can I block all IP address
    > begining with, say, 61, and all address between 210.0.0.0 to
    > 211.255.255.255.
    > I set up a filter defined for "A Specific IP Subnet" as Source Address
    > 61.0.0.0 with Source Mask, 255.255.255.0, but Ip addresses starting with
    > 61
    > are not being filtered out. What am I doing wrong?
    >
    > BTW, please don't reply to msn@jrbrady.com as this address is bloked due
    > to
    > a surge in viruses being emailed to me there. Please use
    > bNrOaSdPyA@Msenior-direct.com instead, but remove the capital letters
    > first.
    >
    > TIA!

    The mask for a class A netblock is 255.0.0.0.

    Also note that not all of 68.0.0.0 is in APNIC or RIPE, for instance,
    68.224.0.0/16 belongs to Cox Communications, right here in the good old a US
    of A. :-)

    -Mark

  • Next message: Mike St.Onge: "SQL Service Accounts"
    • Quantcast