I noticed many public SQL Server affected by brute force attacks to discover the sa password.After discussing on Microsoft Newsgroup with some Security Expert, I developed an HealthMonitor Plugin called Check SQLSec that verify the number of login failures against a specific threshold and return the IP Address of the attackers.
More details here.
1 commenti:
You can also block the attacker IP by adding it to an existing IP filter list.
Example for a Windows 2003 server:
cmd /c netsh ipsec static add filter filterlist="Block IP Numbers" srcaddr=CurIP dstaddr=me protocol=ANY mirrored=no
where "Block IP Numbers" is the name of the filter list and CurIP is the IP you are blocking.
Post a Comment