Protect from SQL Brute Force Attack

I noticed many public SQL Server affected by brute force attacks to discover the sa password.

After discussing on Microsoft Newsgroup with some Security Expert, I developed an HealthMonitor Plugin called Check SQLSec that verify the number of login failures against a specific threshold and return the IP Address of the attackers.

More details here.

About author

Vittorio Pavesi


  1. Anonymous
    1:50 PM

    You can also block the attacker IP by adding it to an existing IP filter list.

    Example for a Windows 2003 server:

    cmd /c netsh ipsec static add filter filterlist="Block IP Numbers" srcaddr=CurIP dstaddr=me protocol=ANY mirrored=no

    where "Block IP Numbers" is the name of the filter list and CurIP is the IP you are blocking.

Post a Comment