 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
SQL Server Forum / General / Security / April 2005Login failed for user 'sa'
Hi, We are getting a lot of entries in the Windows event log indicating 'Login failed for user 'sa'' and 'root'. It seems like an obvious hack attempt but is there any way of determining the source (ip address) of these attempts. I can't understand why SQL doesn't log the ip address of login attempts. Thanks - Ian http://www.appsecinc.com/products/appradar/mssql/faq.html HTH, Jens Suessmeyer. > Hi, > [quoted text clipped - 5 lines] > > Thanks - Ian Yes, you are getting hacked...no SQL doesn't record the address of the attempt. Throw Network monitor on the SQL server and start sniffing all inbound traffic. Look for the failed SA attempts. Chances are it's outside your firewall anyway, and you should be able to ask your Network admin to give you a log of all inbound traffic to the SQL IP address. If you haven't moved SQL off port 1433, do so, and block all inbound 1433 traffic!!! Donna Lambert > Hi, > [quoted text clipped - 4 lines] > > Thanks - Ian |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2009 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.