Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


IP address outside of network trying to log onto SQL Server

Posted on 2012-08-26
Medium Priority
Last Modified: 2012-08-30
I see a lot of these errors in the event log.  

Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: xx.xxx.xxx.xxx]

The ip address is not what is being logged, that value is from outside of our network, is there a port that I need to close to prevent this?  I don't understand where the request are coming from or how they are getting into the network.

We are running SQL Server 2008 r2 Workgroup and Server 2008 R2.  The data on SQL server is accessed by an IIS site
Question by:c7c4c7

Expert Comment

by:Omid Omarkhail
ID: 38335338
(I do hope you're behind a firewall)
Is the IP address the same every time? If the same, block that IP in your firewall. While there are many ways you can do within SQL server to assure that no one can access your server (i.e. Changing for mixed mode to integrated security, or Changing the name of 'SA' account, or simply having an extremely strong password).
Those things are really help you to stop the traffic from hitting your server.

Expert Comment

ID: 38335564
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 38335769
The easiest method to fix this is to open the firewall on the computer that holds the sql server and adjust the firewall to deny access from outside of your subnet or to specify the scope that is allowed and keep it within your subnet instead of any address.
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

LVL 10

Expert Comment

by:Ramesh Babu Vavilla
ID: 38336157
make rule in firewall so that connections can be acheived from the selected IP's only

Author Comment

ID: 38339520
Yes, we have firewall.  There are specific rules allowing only certain IP's outside the network in, these access the IIS server.  No one else has access, I thought.  I

Author Comment

ID: 38341603
Is there a specific port that is used to access SQL server outside of the firewall?
LVL 10

Accepted Solution

Ramesh Babu Vavilla earned 2000 total points
ID: 38342245
by default sql server uses 1433 port .

run xp_readerrorlog in ssms to find out which isused by sql server

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question