Protect from SQL Brute Force Attack

I noticed many public SQL Server affected by brute force attacks to discover the sa password.

After discussing on Microsoft Newsgroup with some Security Expert, I developed an HealthMonitor Plugin called Check SQLSec that verify the number of login failures against a specific threshold and return the IP Address of the attackers.

More details here.
Share on Google Plus

About Vittorio Pavesi

    Blogger Comment
    Facebook Comment


Anonymous said...

You can also block the attacker IP by adding it to an existing IP filter list.

Example for a Windows 2003 server:

cmd /c netsh ipsec static add filter filterlist="Block IP Numbers" srcaddr=CurIP dstaddr=me protocol=ANY mirrored=no

where "Block IP Numbers" is the name of the filter list and CurIP is the IP you are blocking.