Re: sa loginname being hacked

From: Rob R. Ainscough (robains_at_pacbell.net)
Date: 10/18/05


Date: Tue, 18 Oct 2005 13:21:46 -0700

Pipo,

Use a long password -- it may be a matter of time, but even at a login attempt
every 1 second it would be several million years before they'd even reach
the 1/2 way point in possible combinations -- do the math, you can figure
out how long it would take to process every possible combination. These
types of hackers are really pretty stupid -- I find them annoying because of
the resources they use on my SQL Server and bandwidth.

I do a daily check using netstat -n and then just add new SQL hacker IP
addresses to my IPSec blocking configuration. I'm coding a solution that
can update my IPSec dynamically and re-open blocked IPs when/if they come
clean -- couple of days coding in what little free time I have.

Tis an annoying problem for sure and 90% of the attacks are from foreign
countries (I live in the US) with the majority coming from Korea and few
from Russia -- Russian attacks are easy to spot for me, takes them a good 10
seconds before they can even re-attempt a login.

I'm also setting up a bait and trap SQL Server with fake CC info that is
REAL easy to get into (not too easy or else the hacker may get suspicious)
and then waiting for the 'real' identity to attempt to get in and extract
data (also coding a program to help me with this on my own time) -- you
might say I'm getting personal about these attackers. Hey someone has got
to do it since Microsoft have dropped the ball and don't seem that
interested. Of course, with IP spoofing nothing is really secure or
guaranteed -- this is just to identify the lame hackers, but since most are
in Korea it ain't like anything can be done about it (although I do have
some ideas -- bait CC/SS numbers that when used request arrest of the person
using it -- ya know, all the typical things that SHOULD be happening at
large corporations and banks that have the resources but don't implement
anything but do charge you for anti-identity theft).

Rob.

"Pipo" <Pipo@home.com> wrote in message
news:OAK3n%23l0FHA.560@TK2MSFTNGP12.phx.gbl...
> Hi,
>
> Is there a way to change the sa as loginname?
> At work we are getting hacked by 'brute-force', every second we are being
> attacked with sa and a password.
> It's a matter of time when the password will be hacked, so changing the
> password isn't a solution.
> If we also can change the sa loginname we will be better off.
> Or is there something else we can do to prevent the hackers to get our sa
> password?
>
> Many thanks
>
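
Added example (not code from this thread): the daily `netstat -n` review Rob describes, as a Python script that tallies remote addresses connected to the SQL Server port and lists those outside an allowlist as candidates for the IPSec block list. The sample output, the addresses (documentation ranges), port 1433, the allowlist and the threshold are assumed for illustration.

```python
import ipaddress
from collections import Counter

SQL_PORT = 1433  # assumed: default SQL Server TCP port; change if the instance listens elsewhere

# Constructed sample of Windows `netstat -n` output (documentation address ranges).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.0.2.10:1433        203.0.113.45:51234     TIME_WAIT
  TCP    192.0.2.10:1433        203.0.113.45:51240     TIME_WAIT
  TCP    192.0.2.10:1433        203.0.113.45:51251     ESTABLISHED
  TCP    192.0.2.10:1433        198.51.100.7:40112     ESTABLISHED
  TCP    192.0.2.10:1433        10.0.0.25:49877        ESTABLISHED
  TCP    192.0.2.10:3389        198.51.100.99:50001    ESTABLISHED
  TCP    192.0.2.10:50322       192.0.2.20:1433        ESTABLISHED
  TCP    [::1]:1433             [::1]:49900            ESTABLISHED
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def sql_clients(netstat_text, port=SQL_PORT):
    """Count TCP connections per remote address whose local port is the SQL port."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP":
            continue  # headers, blank lines, UDP rows
        try:
            _, local_port = split_endpoint(fields[1])
            remote_ip, _ = split_endpoint(fields[2])
        except ValueError:
            continue  # unparseable row: skip it rather than guess
        if local_port == port:  # inbound to SQL only; outbound to other servers is ignored
            counts[remote_ip] += 1
    return counts

def block_candidates(netstat_text, allowed_networks, min_connections=2):
    """Remote addresses outside the allowlist with at least min_connections to SQL."""
    allowed = [ipaddress.ip_network(n) for n in allowed_networks]
    hits = [(str(ip), n) for ip, n in sql_clients(netstat_text).items()
            if n >= min_connections and not ip.is_loopback
            and not any(ip in net for net in allowed)]
    return sorted(hits, key=lambda item: -item[1])
```

Feed it the real `netstat -n` text and the networks your own clients connect from; a single snapshot only sees connections open at that moment, so repeated runs are needed to catch slow attempts.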


