Re: Is there any way to prevent hacker trying to guess sa password?
From: Rob R. Ainscough (robains_at_pacbell.net)
Date: 10/13/05
- Next message: Russell Stevens: "Re: Is there any way to prevent hacker trying to guess sa password?"
- Previous message: Rob R. Ainscough: "Re: Is there any way to prevent hacker trying to guess sa password?"
- In reply to: Russell Stevens: "Re: Is there any way to prevent hacker trying to guess sa password?"
- Next in thread: Russell Stevens: "Re: Is there any way to prevent hacker trying to guess sa password?"
- Reply: Russell Stevens: "Re: Is there any way to prevent hacker trying to guess sa password?"
Date: Thu, 13 Oct 2005 08:35:24 -0700
Russ,
What is the migration path like to SQL Server 2005? I've got the betas but
have not installed or tested with it.
How is installation and setup?
Any connection issues with ADO.NET? Do I need to change my connection
string?
I don't use sa period (with the exception of automatic database builds from
scratch -- this is rare), I set up my own SQL Server accounts and use those.
I don't like to use NT authentication because I don't want a hacker gaining
access to both SQL server and the OS just in case they were able to guess
the password.
I do write to the event log with failed logins with sa and that is how I know
there is some drone attempting to get in, but thanks for the tip on
netstat -n, I will try that out.
Thanks for your suggestions,
Rob.
"Russell Stevens" <rustyprogrammer@online.nospam> wrote in message
news:OkVRRZ6zFHA.612@TK2MSFTNGP10.phx.gbl...
> Rob,
>
> I have been down this road - you can use SQL Profiler to record
> unsuccessful login attempts. You can include the login (such as sa, admin,
> root, are the common ones they try). When you see a break-in attempt you
> can run netstat or netstat -n. Look for entries that are for ms-sql and
> that say "Time Wait". The hackers will be obvious. You can then block that
> IP (use a firewall or local security policy). You may need to do this
> several times per day as new drones are coming online all the time
> searching for SQL servers. They will never be able to guess a strong sa
> password but they can use up a lot of bandwidth trying. Microsoft refuses
> to fix this in SQL 2000 - you cannot rename the sa account or delete it or
> stop continuous login attempts.
>
> Microsoft has fixed the problem in SQL 2005 - due to be released next
> month. It allows you to use the OS features - i.e. - you can allow say 5
> unsuccessful logins then block them for 30 minutes (or whatever you
> specify). This totally fixes the bandwidth issue for nerds trying to log in
> as sa, root, admin, etc. Of course if someone is trying to log in with a
> login that you actually use, you can end up locking yourself out - but you
> shouldn't be using the sa login for anything anyway.
>
> Russ Stevens
>
>
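
The netstat check described in the quoted message, automated as an added example (not code from either poster): it counts TIME_WAIT connections to the local SQL Server port per remote address in `netstat -n` output. The sample output is constructed with documentation-range addresses, and the function names, the default port 1433 and the threshold of 3 are assumptions made for illustration.

```python
from collections import Counter

MSSQL_PORT = 1433  # assumed default SQL Server port (listed as ms-sql-s without -n)

# Constructed sample of Windows `netstat -n` output (documentation addresses).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.0.2.10:1433        203.0.113.45:4021      TIME_WAIT
  TCP    192.0.2.10:1433        203.0.113.45:4022      TIME_WAIT
  TCP    192.0.2.10:1433        203.0.113.45:4023      TIME_WAIT
  TCP    192.0.2.10:1433        203.0.113.45:4024      TIME_WAIT
  TCP    192.0.2.10:1433        198.51.100.7:50312     ESTABLISHED
  TCP    192.0.2.10:1433        198.51.100.7:50313     TIME_WAIT
  TCP    192.0.2.10:80          203.0.113.99:3990      TIME_WAIT
  TCP    [2001:db8::10]:1433    [2001:db8::bad]:4100   TIME_WAIT
  TCP    [2001:db8::10]:1433    [2001:db8::bad]:4101   TIME_WAIT
  TCP    [2001:db8::10]:1433    [2001:db8::bad]:4102   TIME_WAIT
"""


def split_endpoint(endpoint):
    """Split 'ip:port' or '[ipv6]:port' into (ip, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)


def time_wait_sources(netstat_text, port=MSSQL_PORT, threshold=3):
    """Return {remote_ip: count} for remote addresses with at least
    `threshold` TIME_WAIT connections to the local SQL Server port."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP":
            continue  # skips headers, blank lines and UDP rows
        _, local, remote, state = fields
        try:
            _, local_port = split_endpoint(local)
            remote_ip, _ = split_endpoint(remote)
        except ValueError:
            continue  # endpoint without a numeric port, e.g. '*:*'
        if local_port == port and state == "TIME_WAIT":
            counts[remote_ip] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in sorted(time_wait_sources(SAMPLE_NETSTAT).items()):
        print(f"{ip}\t{n} TIME_WAIT connections to port {MSSQL_PORT}")
```

A high TIME_WAIT count only shows many short-lived connections, so match the addresses against the failed-login records in the event log or Profiler trace before adding a firewall block.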