I have a windows 2003 standard server that has a sql server and IIS installed, 2 NICs (one for the local network, one for the internet with a public IP)
I'm getting a lot of "Login failed for user admin" from the SQL Profiler and the event viewer. First they were a few by minute, now I have about 5 to 10 by second!
If I run netstat -a -o it's what I have:
TCP rbaxter02:ms-sql-s ecostumeshop.com:5325 TIME_WAIT 0
TCP rbaxter02:ms-sql-s ecostumeshop.com:5456 TIME_WAIT 0
TCP rbaxter02:ms-sql-s ecostumeshop.com:5625 TIME_WAIT 0
TCP rbaxter02:ms-sql-s ecostumeshop.com:5731 TIME_WAIT 0
TCP rbaxter02:ms-sql-s ecostumeshop.com:5782 TIME_WAIT 0
TCP rbaxter02:ms-sql-s ecostumeshop.com:5841 TIME_WAIT 0
I thinks it's a kind of process scanning the sql server port. I'd like to know if I can disable port 1433 (I think it's the quickier solution) only for outside requests, my local clients (aspx pages, sql analyzer, database manager) shouldn't be affected.
I was about to test tcp/ip filtering but I think it will block port 1433 for local apps too.
Do you want how to configure security on this server without install an additional firewall software? is ICF (Internet Connection Firewall) that comes with windows 2003 a good option?