Solved

Event ID 5157

Posted on 2010-09-03
Last Modified: 2012-06-21
Hello,

I receive a lot of security auditing alerts on my Win 2008: three alerts every second. It looks like yyy.yyy.yyy.yyy is scanning access to my SQL server on machine xxx.xxx.xxx.xxx, port 1433.
Every time from a different port.

Should I start to worry? Have you seen this before? Is that a normal situation?


 
The Windows Filtering Platform has blocked a connection.

Application Information:
	Process ID:		8696
	Application Name:	\device\harddiskvolume1\windows\system32\inetsrv\w3wp.exe

Network Information:
	Direction:		Outbound
	Source Address:		yyy.yyy.yyy.yyy
	Source Port:		54635
	Destination Address:	xxx.xxx.xxx.xxx
	Destination Port:		1433
	Protocol:		6

Filter Information:
	Filter Run-Time ID:	0
	Layer Name:		Connect
	Layer Run-Time ID:	48

Question by:siemian
5 Comments
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 33597161
Sounds to me like machine (lotsa-ys) is attempting to connect to your SQL machine, and it's being blocked...  so the software is configured to keep trying.

If the workstation (lotsa-ys) is supposed to be using a database on sql server (lotsa-xs), yes -- be concerned, 'cause it's failing, and seems to need help.

If workstation (lotsa-ys) isn't supposed to have access to a database on sql server (lotsa-xs), yes -- be concerned... 'cause the user has a program that is either misconfigured or has a program they shouldn't have at all.

But yes, it's a normal thing that occurs when something isn't working.
0
 

Author Comment

by:siemian
ID: 33597270
What if my (lotsa-ys) is the Public Ethernet adaptor of the machine that is hosted by Rackspace ( http://www.rackspace.co.uk/rackspace-home )?
0
 

Author Comment

by:siemian
ID: 33597358

I received error messages on Server A, which should be contacting Server B ( sql server ).
yyy.yyy.yyy.yyy is ethernet public adapter IP address ( 192.168.yyy.yyy ) , Both Server A and Server B are hosted by Rackspace.
0
 
LVL 30

Accepted Solution

by:
Rich Weissler earned 1000 total points
ID: 33597647
So, wait... are both Server A and Server B yours?
If Server A is not yours, and Server B (sql server) is yours, I'd contact Rackspace and ask them to make the owner of Server A stop.

Unclear on "yyy.yyy.yyy.yyy is ethernet public adapter IP address ( 192.168.yyy.yyy )" -- to me, 192.168.y.y would be a private address...
0
 

Author Closing Comment

by:siemian
ID: 33716176
Rackspace issue
0
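
An added example, not part of the original thread: a Python script that parses event 5157 message text in the layout quoted in the question and groups the blocked attempts, which makes it visible that these events record outbound connections started by the local w3wp.exe towards port 1433. The sample events, the 192.0.2.x addresses and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: three 5157 messages in the layout quoted in the question,
# differing only in source port. Addresses are documentation-range placeholders.
TEMPLATE = """The Windows Filtering Platform has blocked a connection.

Application Information:
    Process ID:         8696
    Application Name:   \\device\\harddiskvolume1\\windows\\system32\\inetsrv\\w3wp.exe

Network Information:
    Direction:          Outbound
    Source Address:     192.0.2.10
    Source Port:        {port}
    Destination Address:    192.0.2.20
    Destination Port:   1433
    Protocol:           6
"""
SAMPLE_EVENTS = [TEMPLATE.format(port=p) for p in (54635, 54636, 54641)]

# "Name: value" lines only; section headers such as "Network Information:" carry no value.
FIELD = re.compile(r"^[ \t]*([A-Za-z][A-Za-z \-]*):[ \t]+(\S.*?)[ \t]*$", re.MULTILINE)

def parse_event(message):
    """Return the fields of one 5157 message as a dict."""
    return dict(FIELD.findall(message))

def summarise(messages):
    """Map (application, direction, src, dst, dst port) -> set of source ports seen."""
    groups = defaultdict(set)
    for message in messages:
        f = parse_event(message)
        key = (f["Application Name"].rsplit("\\", 1)[-1], f["Direction"],
               f["Source Address"], f["Destination Address"], int(f["Destination Port"]))
        groups[key].add(int(f["Source Port"]))
    return dict(groups)

def describe(key, source_ports):
    """One line per group. Each new TCP attempt takes a fresh ephemeral source port,
    so many source ports towards one destination port means repeated retries."""
    app, direction, src, dst, dport = key
    who = (f"local process {app} on {src}" if direction == "Outbound"
           else "a remote peer (inbound)")
    return f"{len(source_ports)} blocked attempts to {dst}:{dport}, initiated by {who}"

if __name__ == "__main__":
    for key, ports in summarise(SAMPLE_EVENTS).items():
        print(describe(key, ports))
```

A single group with many source ports, direction Outbound and an IIS worker process as the application points at a web application on that server retrying its database connection, which is then a firewall-rule question between the two servers.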
