Re: Is there any way to prevent hacker trying to guess sa password?

From: Rob R. Ainscough (robains_at_pacbell.net)
Date: 10/11/05 

Date: Tue, 11 Oct 2005 08:50:33 -0700

Hi Ken,

The problem is, those that should be permitted access are not static IPs
(they could be a broadband connection with a dynamic IP) -- IPs can and do
change so that would involve a lot of maintenance to keep them updated not
to mention the end user would NOT have a clue what is wrong with the
applicaiton that no longer can communicate to the SQL Server.

Is there really NOTHING built into Win2K3 or SQL 2000 that has any
intelligence about prevent hacker attacks? I mean the pattern of a SQL
hacker is pretty simple -- look in the event viewer at the 20000+ login sa
failed attempts (once every 10 seconds). What I don't like is the
processing time the hacker consumes with all the failed login attempts --
with my 40 character password at one attempt every 10 seconds it would still
take them 5.6034833284317069404025203533663e+87 years to guess the
password -- even assuming they got lucky and hit the jackpot in 1/2 the time
that is still 2.8017416642158534702012601766831e+87 years. So am I worred
about using port 1433, no -- just annoyed that there doesn't appear to be
any tools to automatically ignore these attempts and stop using up my
bandwidth and resources.

Rob.

"Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
news:e1Lu4shzFHA.3408@TK2MSFTNGP09.phx.gbl...
> Is is absolutely required that port 1433 be open to the entire internet?
> If
> not, why not use a firewall or similar to block all IP addresses except
> those that should be permitted access?
>
> Cheers
> Ken
>
> "Rob R. Ainscough" <robains@pacbell.net> wrote in message
> news:%23qF1TlhzFHA.2640@TK2MSFTNGP10.phx.gbl...
> : Hi Sue,
> :
> : I don't suppose Microsoft provide any such easy to use tools to monitor
> : "patterned" network traffic -- i.e. the same IP attempting connection
> with
> : my SQL Server every 10 seconds? Also is there anything in SQL Server
> 2000
> : that can filter out an IP that attempts more than XYZ failed attempts at
> : login with sa?
> :
> : It seems that 95% of hacker activity/patterns are very similar, but I'm
> not
> : finding anything in the MS 2003 Server nor in MS SQL Server 2000 that
> would
> : help identify and prevent these patterns -- am I just missing something?
> :
> : If not, are there any tools out there (paid or free) that are easy to
> use
> : with minimal setup -- I'm a developer and don't have the time to spend
> on
> : tracking stuff like this down and I've got more important task to
> accomplish
> : with looming deadlines.
> :
> : Any recommendation, tips, hints, web sites to visit would be most
> : appreciated.
> :
> : Thanks, Rob.
> :
> : "Sue Hoegemeier" <Sue_H@nomail.please> wrote in message
> : news:3l3mk1hjlkko4ncs8fajt0gn9m2gi3n4m6@4ax.com...
> : > Nothing built into SQL Server 2000 - you have to get at this
> : > through the OS level using Network Monitor or another
> : > sniffer to capture the IP of the source.
> : >
> : > -Sue
> : >
> : > On Mon, 10 Oct 2005 13:01:32 -0700, "Rob R. Ainscough"
> : > <robains@pacbell.net> wrote:
> : >
> : >>Some hacker has set off a program to try and guess the sa password to
> my
> : >>SQL
> : >>Server that is public (1433 is open) -- I'm logging all the attempts
> : >>(about
> : >>6 a minute from the start of my logging til now -- several 100,000
> : >>combinations and counting.
> : >>
> : >>Is there anyway to detect the source IP and block/shut it down?
> : >>
> : >>Thanks, Rob.
> : >>
> : >
> :
> :
>
>

Quantcast