IP address outside of network trying to log onto SQL Server

Posted on 2012-08-26
Last Modified: 2012-08-30
I see a lot of these errors in the event log.  

Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT:]

The ip address is not what is being logged, that value is from outside of our network, is there a port that I need to close to prevent this?  I don't understand where the request are coming from or how they are getting into the network.

We are running SQL Server 2008 r2 Workgroup and Server 2008 R2.  The data on SQL server is accessed by an IIS site
Question by:c7c4c7
    LVL 5

    Expert Comment

    by:Omid Omarkhail
    (I do hope you're behind a firewall)
    Is the IP address the same every time? If the same, block that IP in your firewall. While there are many ways you can do within SQL server to assure that no one can access your server (i.e. Changing for mixed mode to integrated security, or Changing the name of 'SA' account, or simply having an extremely strong password).
    Those things are really help you to stop the traffic from hitting your server.
    LVL 3

    Expert Comment

    LVL 77

    Expert Comment

    by:David Johnson, CD, MVP
    The easiest method to fix this is to open the firewall on the computer that holds the sql server and adjust the firewall to deny access from outside of your subnet or to specify the scope that is allowed and keep it within your subnet instead of any address.
    LVL 10

    Expert Comment

    make rule in firewall so that connections can be acheived from the selected IP's only

    Author Comment

    Yes, we have firewall.  There are specific rules allowing only certain IP's outside the network in, these access the IIS server.  No one else has access, I thought.  I

    Author Comment

    Is there a specific port that is used to access SQL server outside of the firewall?
    LVL 10

    Accepted Solution

    by default sql server uses 1433 port .

    run xp_readerrorlog in ssms to find out which isused by sql server

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    Join & Write a Comment

    If you migrate a Terminal Server licenses server inside the 2008 server family, you can takte advantage of the build-in migration tool. If you like to migrate an older 2003 Server (and the installed client CALs) to a 2008 R2 server for example, you …
    This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
    This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
    This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now