I have been observing in 'application log' from 'event viewer'. It comes to my notice that some body is trying to trace the password of my sqlserver. I think for hacking the database the user might be using a program for tracing username and password, this comes to my notice because log shows every millisecond's event (audit failure). The user logs in from IP 220.127.116.11 and uses username 'sa' at the same time he logs in from IP 18.104.22.168 and uses username 'albatross' or 'password'.
Please tell me
1. How is it happening?
2. How to block or restrict these two IPs(22.214.171.124 & 126.96.36.199)
3. How to protect my sqlserver from hackers?