Restrict IP addresses to prevent invalid login attacks on SQL Server.
Recently, in a customer scenario, a number of attacks came in by making connections to SQL Server 2005 and trying invalid sa logins. In such a situation, SQL Server reports the error "Login failed for user 'sa'". It is quite annoying to get a lot of these errors during an attack, and the attack consequently impacts the performance of SQL Server.
However, SQL Server 2005 currently cannot block client requests based on IP address automatically; the administrator must use one of the following operating system tools as a workaround.
(1) IPSec: Configure an IPSec policy to block the IP address of the attacker's machine. IPSec is available on Windows 2000, XP and Windows 2003.
http://support.microsoft.com/kb/313190
(2) Windows Firewall: When enabling an exception for the SQL Server port, the administrator can specify which IP addresses/networks are allowed to connect to it. Currently Windows Firewall is available on Windows XP and Windows 2003.
http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx#ELC
(3) RRAS: Configure RRAS to drop the traffic from the attacker's IP address. RRAS is only available on Windows Server products, such as Windows 2000 and Windows 2003.
Refer to http://www.microsoft.com/technet/archive/winntas/proddocs/rras40/rrasch03.mspx?mfr=true
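All three tools need the offending client addresses as input. As an added example (not part of the original post), this Python script counts failed sa logins per client from error-log text and lists the addresses that cross a threshold; it assumes each failure line ends with a `[CLIENT: address]` suffix, and the sample lines, addresses, threshold and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (assumed error-log layout; documentation-range IPs).
SAMPLE_LOG = """\
2006-04-10 09:15:01.12 Logon       Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2006-04-10 09:15:01.80 Logon       Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2006-04-10 09:15:02.31 Logon       Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2006-04-10 09:15:02.95 Logon       Login failed for user 'appuser'. [CLIENT: 203.0.113.7]
2006-04-10 09:15:03.40 Logon       Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2006-04-10 09:20:44.07 Logon       Login failed for user 'sa'. [CLIENT: 198.51.100.23]
2006-04-10 09:31:10.55 Logon       Login failed for user 'sa'. [CLIENT: <local machine>]
2006-04-10 09:31:18.02 Logon       Login failed for user 'sa'. [CLIENT: <local machine>]
2006-04-10 09:31:25.76 Logon       Login failed for user 'sa'. [CLIENT: <local machine>]
2006-04-10 09:40:00.00 spid51      Starting up database 'sales'.
"""

# Assumption: the client address follows the message as "[CLIENT: address]".
FAILED = re.compile(
    r"Login failed for user '(?P<user>[^']*)'\.\s*\[CLIENT:\s*(?P<client>[^\]]+)\]"
)

def failed_logins_by_client(log_text, user="sa"):
    """Count failed logins for `user` per client address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m and m.group("user").lower() == user.lower():
            counts[m.group("client").strip()] += 1
    return counts

def block_candidates(log_text, threshold=3, allowlist=()):
    """Clients with at least `threshold` failures that are not allowlisted."""
    counts = failed_logins_by_client(log_text)
    return sorted(c for c, n in counts.items()
                  if n >= threshold and c not in allowlist)

if __name__ == "__main__":
    for client, n in failed_logins_by_client(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {client}")
    # Keep the server itself and known admin hosts out of any block rule.
    print(block_candidates(SAMPLE_LOG, allowlist={"<local machine>"}))
```

The addresses it returns are the ones to enter in the IPSec, Windows Firewall or RRAS rule; the allowlist keeps a mistyped password on a legitimate host from turning into a block.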
Source: http://blogs.msdn.com/sql_protocols/archive/2006/04/10/572605.aspx
1 comment:
Sounds good.. nice post...