Re: Is there any way to prevent hacker trying to guess sa password?
From: Russell Stevens (rustyprogrammer_at_online.nospam)
Date: 10/13/05
- Next message: Rob R. Ainscough: "Re: Is there any way to prevent hacker trying to guess sa password?"
- Previous message: Ken Schaefer: "Re: Is there any way to prevent hacker trying to guess sa password?"
- In reply to: Rob R. Ainscough: "Is there any way to prevent hacker trying to guess sa password?"
- Next in thread: Rob R. Ainscough: "Re: Is there any way to prevent hacker trying to guess sa password?"
- Reply: Rob R. Ainscough: "Re: Is there any way to prevent hacker trying to guess sa password?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 12 Oct 2005 23:29:19 -0400
Rob,
I have been down this road - you can use SQL Profiler to record
unsuccessful login attempts. You can include the login (sa, admin, and
root are the common ones they try). When you see a break-in attempt you can
run netstat or netstat -n. Look for entries that are for ms-sql and that say
"Time Wait". The hackers will be obvious. You can then block that IP (use a
firewall or local security policy). You may need to do this several times
per day as new drones are coming online all the time searching for SQL
servers. They will never be able to guess a strong sa password but they can
use up a lot of bandwidth trying. Microsoft refuses to fix this in SQL
2000 - you cannot rename the sa account or delete it or stop continuous
login attempts.
Microsoft has fixed the problem in SQL 2005 - due to be released next
month. It allows you to use the OS features - i.e., you can allow, say, 5
unsuccessful logins then block them for 30 minutes (or whatever you
specify). This totally fixes the bandwidth issue for nerds trying to log in
as sa, root, admin, etc. Of course if someone is trying to log in with a
login that you actually use, you can end up locking yourself out - but you
shouldn't be using the sa login for anything anyway.
Russ Stevens
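
Added example, not part of the original post: a small Python script that automates the netstat step described above, counting TIME_WAIT connections to the SQL Server port per remote address so repeat offenders stand out. The sample output is constructed with documentation-range addresses, and port 1433 (the default instance port that `netstat -n` shows in place of the ms-sql name), the threshold of 3, and the `trusted` list are assumptions.

```python
import re
from collections import Counter

MSSQL_PORT = 1433  # assumption: default SQL Server port, shown numerically by netstat -n

# Constructed sample of Windows `netstat -n` output (documentation-range addresses).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.0.2.10:1433        203.0.113.45:4021      TIME_WAIT
  TCP    192.0.2.10:1433        203.0.113.45:4022      TIME_WAIT
  TCP    192.0.2.10:1433        203.0.113.45:4023      TIME_WAIT
  TCP    192.0.2.10:1433        203.0.113.45:4024      ESTABLISHED
  TCP    192.0.2.10:1433        198.51.100.7:51500     ESTABLISHED
  TCP    192.0.2.10:80          198.51.100.99:3301     TIME_WAIT
  TCP    192.0.2.10:3389        198.51.100.7:51822     ESTABLISHED
"""

# One TCP row: proto, local addr:port, foreign addr:port, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")


def mssql_time_wait_counts(netstat_text, port=MSSQL_PORT):
    """Count TIME_WAIT connections to the local SQL port, per remote IP."""
    counts = Counter()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column headers, blank lines, UDP rows
        _local_ip, local_port, remote_ip, _remote_port, state = m.groups()
        if int(local_port) == port and state == "TIME_WAIT":
            counts[remote_ip] += 1
    return counts


def block_candidates(netstat_text, threshold=3, trusted=()):
    """Remote IPs with >= threshold TIME_WAIT rows, minus known-good hosts.

    threshold and trusted are assumptions for this example; tune both so
    application servers that reconnect often are not blocked by mistake.
    """
    counts = mssql_time_wait_counts(netstat_text)
    return sorted(ip for ip, n in counts.items()
                  if n >= threshold and ip not in trusted)


if __name__ == "__main__":
    for ip, n in mssql_time_wait_counts(SAMPLE_NETSTAT).most_common():
        print(f"{ip}\t{n} TIME_WAIT connections to port {MSSQL_PORT}")
    print("review for blocking:", block_candidates(SAMPLE_NETSTAT))
```

Cross-check any candidate against the failed logins recorded by SQL Profiler before adding a firewall rule, since legitimate clients also leave TIME_WAIT entries.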