c7c4c7
asked on
IP address outside of network trying to log onto SQL Server
I see a lot of these errors in the event log.
Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: xx.xxx.xxx.xxx]
The ip address is not what is being logged, that value is from outside of our network, is there a port that I need to close to prevent this? I don't understand where the request are coming from or how they are getting into the network.
We are running SQL Server 2008 r2 Workgroup and Server 2008 R2. The data on SQL server is accessed by an IIS site
Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: xx.xxx.xxx.xxx]
The ip address is not what is being logged, that value is from outside of our network, is there a port that I need to close to prevent this? I don't understand where the request are coming from or how they are getting into the network.
We are running SQL Server 2008 r2 Workgroup and Server 2008 R2. The data on SQL server is accessed by an IIS site
Pleae check this one
http://www.sqlsecurity.com/faqs-1/sql-server-faq
http://www.sqlsecurity.com/faqs-1/sql-server-faq
The easiest method to fix this is to open the firewall on the computer that holds the sql server and adjust the firewall to deny access from outside of your subnet or to specify the scope that is allowed and keep it within your subnet instead of any address.
make rule in firewall so that connections can be acheived from the selected IP's only
ASKER
Yes, we have firewall. There are specific rules allowing only certain IP's outside the network in, these access the IIS server. No one else has access, I thought. I
ASKER
Is there a specific port that is used to access SQL server outside of the firewall?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Is the IP address the same every time? If the same, block that IP in your firewall. While there are many ways you can do within SQL server to assure that no one can access your server (i.e. Changing for mixed mode to integrated security, or Changing the name of 'SA' account, or simply having an extremely strong password).
Those things are really help you to stop the traffic from hitting your server.