asked on

IP address outside of network trying to log onto SQL Server

I see a lot of these errors in the event log.

Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: xx.xxx.xxx.xxx]

The ip address is not what is being logged, that value is from outside of our network, is there a port that I need to close to prevent this? I don't understand where the request are coming from or how they are getting into the network.

We are running SQL Server 2008 r2 Workgroup and Server 2008 R2. The data on SQL server is accessed by an IIS site

Omid Helal, PMP®

(I do hope you're behind a firewall)
Is the IP address the same every time? If the same, block that IP in your firewall. While there are many ways you can do within SQL server to assure that no one can access your server (i.e. Changing for mixed mode to integrated security, or Changing the name of 'SA' account, or simply having an extremely strong password).
Those things are really help you to stop the traffic from hitting your server.

Darkworld1000

Pleae check this one
http://www.sqlsecurity.com/faqs-1/sql-server-faq

David Johnson, CD

The easiest method to fix this is to open the firewall on the computer that holds the sql server and adjust the firewall to deny access from outside of your subnet or to specify the scope that is allowed and keep it within your subnet instead of any address.

Ramesh Babu Vavilla

make rule in firewall so that connections can be acheived from the selected IP's only

c7c4c7

ASKER

Yes, we have firewall. There are specific rules allowing only certain IP's outside the network in, these access the IIS server. No one else has access, I thought. I

c7c4c7

ASKER

Is there a specific port that is used to access SQL server outside of the firewall?

ASKER CERTIFIED SOLUTION

Ramesh Babu Vavilla

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial