Protect from SQL Brute Force Attack

I noticed many public SQL Server affected by brute force attacks to discover the sa password.

After discussing on Microsoft Newsgroup with some Security Expert, I developed an HealthMonitor Plugin called Check SQLSec that verify the number of login failures against a specific threshold and return the IP Address of the attackers.

More details here.
Share on Google Plus

About Vittorio Pavesi

    Blogger Comment
    Facebook Comment

1 comments:

Anonymous said...

You can also block the attacker IP by adding it to an existing IP filter list.

Example for a Windows 2003 server:

cmd /c netsh ipsec static add filter filterlist="Block IP Numbers" srcaddr=CurIP dstaddr=me protocol=ANY mirrored=no

where "Block IP Numbers" is the name of the filter list and CurIP is the IP you are blocking.