how to block an IP

I have been observing the 'application log' in 'event viewer'. It has come to my notice that somebody is trying to trace the password of my sqlserver. I think that, to hack the database, the user might be using a program for tracing the username and password; this came to my notice because the log shows an event (audit failure) every millisecond. The user logs in from IP and uses username 'sa'; at the same time he logs in from IP and uses username 'albatross' or 'password'.
Please tell me
1. How is it happening?
2. How to block or restrict these two IPs( &
3. How to protect my sqlserver from hackers?
3 Solutions

Put the SQL Server behind a hardware firewall or set up a local security policy to block those addresses. The firewall will be more effective, though, as they will simply change the address of attack and you'd be constantly editing your security policy with the new addresses.
Sander Stad (System Developer, Database Administrator) commented:
How is it happening?
People will always try to attack your systems and find a way to get in. There are several programs that will try to get the password by brute force, trying every single password that they can generate.
How to block the IPs
You can do several things to protect your server from attacks.
  1. Firewall
  2. IP SEC
  3. Local security policy
1. Firewall
When you create an exception for the SQL Server port, you can block traffic from a certain IP address to your server.
2. IP SEC
Configure an IPSec policy to block the IP address of the attacker's machine. IPSec is available on Windows 2000, XP and Windows 2003. This is a website that can help you: http://support.microsoft.com/kb/313190
3. Local security policy
For this option look at this article: http://www.webhostingtalk.com/archive/index.php/t-364172.html
How to protect your SQL Server
Be sure to have all the latest security updates. If you don't have a firewall installed on your SQL Server, install one. Be sure to have antivirus software installed on your server.
btan (Exec Consultant) commented:
1. How is it happening?

There should be some process attempting unauthorised logins, enumerating through the default accounts and passwords and brute-forcing the credentials. One possible tool is SQLDict (a dictionary attack tool, an exe): http://ntsecurity.nu/toolbox/sqldict/
In the first place, the SQL Server should not have been exposed directly to the "wild"; the malicious attempts may have gotten in based on the default port being exposed, as they are scanning.
From the IPs (http://www.geobytes.com/IpLocator.htm?GetLocation), they are from India and Yugoslavia (but of course they may not be the real IPs either); it looks like a concerted attempt, or else separate entities.

2. How to block or restrict these two IPs( &

As suggested above; in addition, you can also consider:
a) A proxy setup to anonymise and hide your IP, with a firewall guarding and screening the inbound traffic. If you are not from the same locality, set a rule to block those IP subnets, but it is an interim measure.
b) Establish secure authentication in SQL via SSL (http://support.microsoft.com/kb/316898), but this is rather tedious.

3. How to protect my sqlserver from hackers?

a) Change the default accounts and enforce strong passwords
(make sure the hardcodes are updated, if any)
b) Enforce a password lockout policy (so no brute force can be successful)
c) My suggestion is to close the remaining services (telnet, remote services, etc.) not needed on the SQL box and also to use least privilege for the SQL services
(see http://searchsqlserver.techtarget.com/generic/0,295582,sid87_gci1325004,00.html?asrc=SS_CLA_301336&psrc=CLT_87#1)
d) You may also want to consider setting up a monitoring agent to alert when something "funny" is triggered
(see http://manageengine.adventnet.com/products/applications_manager/sql-server-management.html?adwords01mssql1&CampaignID=200301402&gclid=COvMoefjgZcCFQwcegodwmxhXg)
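
The bursts of audit failures described in the question, and the alerting suggested in 3(d), can be picked out of exported log text with a short script. This is an added example, not part of the original thread: the line format, timestamps and IP addresses are constructed, and the threshold and window are assumed values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines modeled on SQL Server "Login failed" audit text.
# Timestamps and IPs (documentation ranges) are made up for this example.
SAMPLE_LOG = """\
2024-01-01 10:15:00.120 Login failed for user 'sa'. [CLIENT: 192.0.2.10]
2024-01-01 10:15:00.180 Login failed for user 'albatross'. [CLIENT: 198.51.100.7]
2024-01-01 10:15:00.240 Login failed for user 'sa'. [CLIENT: 192.0.2.10]
2024-01-01 10:15:00.300 Login failed for user 'password'. [CLIENT: 198.51.100.7]
2024-01-01 10:15:00.360 Login failed for user 'sa'. [CLIENT: 192.0.2.10]
2024-01-01 10:15:00.420 Login failed for user 'albatross'. [CLIENT: 198.51.100.7]
2024-01-01 10:20:00.000 Login failed for user 'appuser'. [CLIENT: 203.0.113.5]
2024-01-01 10:42:00.000 Login failed for user 'appuser'. [CLIENT: 203.0.113.5]
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"Login failed for user '(?P<user>[^']*)'\..*\[CLIENT: (?P<ip>[0-9a-fA-F.:]+)\]")

def parse_failures(text):
    """Return (timestamp, user, client_ip) for every login-failure line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
            events.append((ts, m["user"], m["ip"]))
    return events

def flag_sources(events, threshold=3, window=timedelta(seconds=10)):
    """Return {ip: usernames tried} for IPs with >= threshold failures in one window."""
    by_ip = defaultdict(list)
    for ts, user, ip in sorted(events):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, hits in by_ip.items():
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward past stale failures
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({u for _, u in hits})
                break
    return flagged

if __name__ == "__main__":
    for ip, users in flag_sources(parse_failures(SAMPLE_LOG)).items():
        print(f"{ip}: burst of failed logins, usernames tried: {users}")
```

The flagged addresses are candidates for the firewall or IPSec block rules discussed above; the occasional mistyped password from 203.0.113.5 stays below the threshold and is not flagged.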
