Re: Ipsec & SQL Server

msn_at_jrbrady.com
Date: 05/24/05 

Date: Tue, 24 May 2005 13:41:05 -0700

Thanks for your response. I changed the entry for "A Specific IP Subnet" to
Source Address 61.0.0.0 with Source Mask, 255.0.0.0, but Ip addresses
starting with
61 are still geting through. What am I doing wrong?

"Mark J. McGinty" wrote:

>
> "msn@jrbrady.com" <msnjrbradycom@discussions.microsoft.com> wrote in message
> news:8667F548-DA4B-40FA-B609-9B69A6F5A985@microsoft.com...
> > I, too, am coming under constant attack from hackers attempting to use
> > brute
> > force techniques to log into my SQl Server.
> >
> > A significant number of these attacks seem to be coming from APNIC:
> > specificially, IP addresses in the range 210.0.0.0 to 211.255.255.255.
> > Also,
> > I get 50 or so SQL Slammer Worm propagation attempts a week, most of these
> > coming from IP addresses beginnign with 61 and 68 (also APNIC, BTW).
> >
> > My question is how, exactly, using IPSEC, can I block all IP address
> > begining with, say, 61, and all address between 210.0.0.0 to
> > 211.255.255.255.
> > I set up a filter defined for "A Specific IP Subnet" as Source Address
> > 61.0.0.0 with Source Mask, 255.255.255.0, but Ip addresses starting with
> > 61
> > are not being filtered out. What am I doing wrong?
> >
> > BTW, please don't reply to msn@jrbrady.com as this address is bloked due
> > to
> > a surge in viruses being emailed to me there. Please use
> > bNrOaSdPyA@Msenior-direct.com instead, but remove the capital letters
> > first.
> >
> > TIA!
>
> The mask for a class A netblock is 255.0.0.0.
>
> Also note that not all of 68.0.0.0 is in APNIC or RIPE, for instance,
> 68.224.0.0/16 belongs to Cox Communications, right here in the good old a US
> of A. :-)
>
>
> -Mark
>
>
>