0

I have an sql server 2005 instance running in default 1433 port. I am getting too many invalid logins from different ip address, may be some hacking programs trying to attack, i am running windows 2003 server, as the windows firewall doesn't have option to block a particular ip, but even i use an other firewall i need to monitor regularly for the new hacker IP & need to block it. Is there any other way to prevent these attacks, something like if i get number of invalid login attempts block that ip for a couple of minutes..

Priyan R
  • 171
  • 1
  • 6

3 Answers3

2

You can try running on a non-default port. That might reduce the attacks, but it's not going to eliminate them. You could also setup a VPN or SSH tunnel and only allow access through them. But you'll also have to deal with the same type of attacks against those as well.

There's no magical way to make internet hosted services only visible to the "good guys". They're either visible to everyone or they're not.

Ryan Bolger
  • 16,472
  • 3
  • 40
  • 59
2

Do you connect to the system from a internet connection with a fixed/static ip address? if so you could whitelist allowed connections and block the rest.

p858snake
  • 439
  • 2
  • 6
1

For no reason should you be connecting a Windows server directly to the Internet.

For root's sake man, at least put a firewall in front of it!

Ok, now that you've done that, do you need sql server logins across the Internet? No? Okay, block that port.

MikeyB
  • 38,725
  • 10
  • 102
  • 186
  • Its a hosted sql server , it need remote access, even if i block an ip with firewall, there will be an attack from another new ip later – Priyan R Nov 25 '09 at 05:19
  • Security concepts say to use a whitelist, not a blacklist. Block everything except the one IP that needs to connect to it. – MikeyB Nov 26 '09 at 03:26
  • (of course, as others have said, using certificates or a tunnel is most secure) – MikeyB Nov 26 '09 at 03:26