Advertisement

04.18.2008 at 10:24AM PDT, ID: 23334907 | Points: 500
[x]
Attachment Details

Unknown users from the outside keeps trying to get into our SQL Server

Zones: SQL Server 2008, Cisco PIX Firewall
Tags: Microsoft, SQL, 2008
I've been looking at our SQL Server error log the past few weeks and I've noticed about every day someone with a outside IP address has been trying to log onto our SQL server...    At first I just added the IP to the deny list in the Pix firewall..  but they just seem to change IP once one gets blocked...  

Some of the IPs are from China.. some from India and one from 20 miles away... (was from our provider and they have network security looking into it for me)  


I have a few questions...  

First- Why would someone try to grab a SQL server?  I understand the power of mass email.. but what would they do if they got a hold of our SQL server?

Second- How can I stop this?  I thought about changing the SQL port.. but being I'm very green with SQL I thought I would ask the Experts first... :)

Below I've posted quick snap of the logs...  if you need anything else please just let me know...
Also..  our network consist of 4 Servers...  1 being the Exchange/SQL server... 1 Terminal Server...  1 Active Directory Server.. and 1 Backup Active Directory..    



1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:

Date,Source,Severity,Message
04/18/2008 12:26:19,Logon,Unknown,Login failed for user 'sa'. The user is not associated with a trusted SQL Server connection. [CLIENT: 218.6.9.234]
04/18/2008 12:26:19,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.
04/18/2008 00:00:42,spid19s,Unknown,This instance of SQL Server has been using a process ID of 1776 since 4/10/2008 1:00:26 AM (local) 4/10/2008 5:00:26 AM (UTC). This is an informational message only; no user action is required.
04/17/2008 16:09:12,Logon,Unknown,Login failed for user 'sa'. The user is not associated with a trusted SQL Server connection. [CLIENT: 221.130.202.14]
04/17/2008 16:09:12,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.
04/17/2008 16:09:10,Logon,Unknown,Login failed for user 'sa'. The user is not associated with a trusted SQL Server connection. [CLIENT: 221.130.202.14]
04/17/2008 16:09:10,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.
04/17/2008 16:09:08,Logon,Unknown,Login failed for user 'sa'. The user is not associated with a trusted SQL Server connection. [CLIENT: 221.130.202.14]
04/17/2008 16:09:08,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.
04/17/2008 16:09:07,Logon,Unknown,Login failed for user 'sa'. The user is not associated with a trusted SQL Server connection. [CLIENT: 221.130.202.14]
04/17/2008 16:09:07,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.
04/17/2008 16:09:05,Logon,Unknown,Login failed for user 'sa'. The user is not associated with a trusted SQL Server connection. [CLIENT: 221.130.202.14]
04/17/2008 16:09:05,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.
04/17/2008 06:59:54,spid2s,Unknown,A significant part of sql server process memory has been paged out. This may result in a performance degradation. Duration: 329 seconds. Working set (KB): 35316<c/> committed (KB): 73988<c/> memory utilization: 47%.
04/17/2008 06:54:24,spid2s,Unknown,A significant part of sql server process memory has been paged out. This may result in a performance degradation. Duration: 0 seconds. Working set (KB): 34544<c/> committed (KB): 73988<c/> memory utilization: 46%.
04/17/2008 06:01:09,spid2s,Unknown,A significant part of sql server process memory has been paged out. This may result in a performance degradation. Duration: 0 seconds. Working set (KB): 34236<c/> committed (KB): 73988<c/> memory utilization: 46%.
04/17/2008 05:43:20,spid2s,Unknown,A significant part of sql server process memory has been paged out. This may result in a performance degradation. Duration: 0 seconds. Working set (KB): 37436<c/> committed (KB): 73988<c/> memory utilization: 50%.
04/17/2008 00:00:17,spid19s,Unknown,This instance of SQL Server has been using a process ID of 1776 since 4/10/2008 1:00:26 AM (local) 4/10/2008 5:00:26 AM (UTC). This is an informational message only; no user action is required.
04/16/2008 20:44:03,Logon,Unknown,Login failed for user 'sa'. The user is not associated with a trusted SQL Server connection. [CLIENT: 118.126.3.96]
04/16/2008 20:44:03,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.
04/16/2008 20:00:19,Logon,Unknown,Login failed for user 'sa'. The user is not associated with a trusted SQL Server connection. [CLIENT: 72.242.82.29]
04/16/2008 20:00:19,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.
04/16/2008 19:44:17,Logon,Unknown,Login failed for user 'sa'. The user is not associated with a trusted SQL Server connection. [CLIENT: 218.232.109.209]
04/16/2008 19:44:17,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.
04/16/2008 19:44:15,Logon,Unknown,Login failed for user 'sa'. The user is not associated with a trusted SQL Server connection. [CLIENT: 218.232.109.209]
04/16/2008 19:44:15,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.
04/16/2008 19:44:13,Logon,Unknown,Login failed for user 'sa'. The user is not associated with a trusted SQL Server connection. [CLIENT: 218.232.109.209]
04/16/2008 19:44:13,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.
04/16/2008 19:44:12,Logon,Unknown,Login failed for user 'sa'. The user is not associated with a trusted SQL Server connection. [CLIENT: 218.232.109.209]
04/16/2008 19:44:12,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.
04/16/2008 19:44:11,Logon,Unknown,Login failed for user 'sa'. The user is not associated with a trusted SQL Server connection. [CLIENT: 218.232.109.209]
04/16/2008 19:44:11,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.
04/16/2008 15:42:02,Logon,Unknown,Login failed for user 'sa'. The user is not associated with a trusted SQL Server connection. [CLIENT: 72.22.22.158]
04/16/2008 15:42:02,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.
04/16/2008 15:42:01,Logon,Unknown,Login failed for user 'sa'. The user is not associated with a trusted SQL Server connection. [CLIENT: 72.22.22.158]
04/16/2008 15:42:01,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.
04/16/2008 15:42:00,Logon,Unknown,Login failed for user 'sa'. The user is not associated with a trusted SQL Server connection. [CLIENT: 72.22.22.158]
04/16/2008 15:42:00,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.
04/16/2008 15:41:59,Logon,Unknown,Login failed for user 'sa'. The user is not associated with a trusted SQL Server connection. [CLIENT: 72.22.22.158]
04/16/2008 15:41:59,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.
04/16/2008 12:34:55,spid55,Unknown,Configuration option 'show advanced options' changed from 1 to 0. Run the RECONFIGURE statement to install.
04/16/2008 12:34:55,spid55,Unknown,Configuration option 'awe enabled' changed from 0 to 1. Run the RECONFIGURE statement to install.
04/16/2008 12:34:55,spid55,Unknown,Configuration option 'show advanced options' changed from 0 to 1. Run the RECONFIGURE statement to install.
04/16/2008 12:33:53,spid55,Unknown,Configuration option 'remote access' changed from 1 to 0. Run the RECONFIGURE statement to install.
04/16/2008 12:33:53,spid55,Unknown,Configuration option 'show advanced options' changed from 1 to 0. Run the RECONFIGURE statement to install.
04/16/2008 12:33:53,spid55,Unknown,Configuration option 'priority boost' changed from 0 to 1. Run the RECONFIGURE statement to install.
04/16/2008 12:33:53,spid55,Unknown,Configuration option 'show advanced options' changed from 0 to 1. Run the RECONFIGURE statement to install.
04/16/2008 07:58:10,Logon,Unknown,Login failed for user 'sa'. The user is not associated with a trusted SQL Server connection. [CLIENT: 218.6.9.37]
04/16/2008 07:58:10,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.
04/16/2008 07:58:10,Logon,Unknown,Login failed for user 'sa'. The user is not associated with a trusted SQL Server connection. [CLIENT: 218.6.9.37]
04/16/2008 07:58:10,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.
04/16/2008 07:58:10,Logon,Unknown,Login failed for user 'sa'. The user is not associated with a trusted SQL Server connection. [CLIENT: 218.6.9.37]
04/16/2008 07:58:10,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.
04/16/2008 07:58:10,Logon,Unknown,Login failed for user 'sa'. The user is not associated with a trusted SQL Server connection. [CLIENT: 218.6.9.37]
04/16/2008 07:58:10,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.
04/16/2008 07:58:10,Logon,Unknown,Login failed for user 'sa'. The user is not associated with a trusted SQL Server connection. [CLIENT: 218.6.9.37]
04/16/2008 07:58:10,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.
04/16/2008 07:58:10,Logon,Unknown,Login failed for user 'sa'. The user is not associated with a trusted SQL Server connection. [CLIENT: 218.6.9.37]
04/16/2008 07:58:10,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.
04/16/2008 07:58:10,Logon,Unknown,Login failed for user 'sa'. The user is not associated with a trusted SQL Server connection. [CLIENT: 218.6.9.37]
04/16/2008 07:58:10,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.
04/16/2008 07:58:10,Logon,Unknown,Login failed for user 'sa'. The user is not associated with a trusted SQL Server connection. [CLIENT: 218.6.9.37]
04/16/2008 07:58:10,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.
04/16/2008 07:58:10,Logon,Unknown,Login failed for user 'sa'. The user is not associated with a trusted SQL Server connection. [CLIENT: 218.6.9.37]
04/16/2008 07:58:10,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.
04/16/2008 07:58:10,Logon,Unknown,Login failed for user 'sa'. The user is not associated with a trusted SQL Server connection. [CLIENT: 218.6.9.37]
04/16/2008 07:58:10,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.
Start your free trial to view this solution
Question Stats
Zone: Microsoft
Question Asked By: rreddell
Question Asked On: 04.18.2008
Participating Experts: 3
Points: 500
Views: 0
Translate:
Loading Advertisement...
04.18.2008 at 10:29AM PDT, ID: 21387892

Rank: Master

chapmandew:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
04.18.2008 at 10:41AM PDT, ID: 21388005
rreddell:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
04.18.2008 at 11:02AM PDT, ID: 21388188

Rank: Master

chapmandew:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
04.18.2008 at 11:03AM PDT, ID: 21388197

Rank: Master

chapmandew:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
04.18.2008 at 11:25AM PDT, ID: 21388383
rreddell:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
04.18.2008 at 11:26AM PDT, ID: 21388387

Rank: Master

chapmandew:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
04.18.2008 at 11:39AM PDT, ID: 21388491
rreddell:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
04.18.2008 at 11:39AM PDT, ID: 21388496

Rank: Master

chapmandew:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
04.18.2008 at 12:53PM PDT, ID: 21389093
clearacid:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
05.09.2008 at 08:14AM PDT, ID: 21533685
bryan_loveless:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
Loading Advertisement...
20080236-EE-VQP-29 / EE_QW_2_20070628