dave4477
Starting Member
3 Posts |
Posted - 2007-03-16 : 11:38:17
|
My SQL Server computer is receiving tens of thousands of invalid login attempts from IP addresses all around the world, especially in China. I have a Xincom Twin WAN router which has port forwarding enabled so that our remote web server can connect to our local SQL Server over the internet. These login attempts, however, are severely hindering the performance of my SQL Server and creating timeout errors for legitimate login attempts. How can I reduce these attacks? |
|
SwePeso
Patron Saint of Lost Yaks
30421 Posts |
Posted - 2007-03-16 : 11:45:52
|
Change default port address from 1433 to a new port number value? Also, must your database be accessible outside the LAN?
Peter Larsson
Helsingborg, Sweden |
 |
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2007-03-16 : 11:49:46
|
Not only should you change your port, but you should also put SQL Server behind a firewall so that it's in the back DMZ. Then you would create firewall rules so that only the trusted servers (your web server) can make it through the firewall and into SQL Server.
Tara Kizer
http://weblogs.sqlteam.com/tarad/ |
 |
|
dave4477
Starting Member
3 Posts |
Posted - 2007-03-16 : 11:58:02
|
Thank you for your quick replies. I will definitely need to change the port address. Unfortunately it does need to be accessed outside the LAN, but by only one or two machines. |
 |
|
dave4477
Starting Member
3 Posts |
Posted - 2007-03-16 : 11:59:21
|
quote: Originally posted by tkizer Not only should you change your port, but you should also put SQL Server behind a firewall so that it's in the back DMZ. Then you would create firewall rules so that only the trusted servers (your web server) can make it through the firewall and into SQL Server.
What kind of firewall would you recommend? My router has some built-in firewall features but not many. |
 |
|
Kristen
Test
22859 Posts |
Posted - 2007-03-16 : 12:38:05
|
Changing the port will, IME, eliminate the problem. Pick a port number above 10,000 - the port scanners don't waste time going up that high.
P.S. For security the Firewall is an important thing, but for expediency change the Port Number pronto!
Kristen |
 |
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2007-03-16 : 12:49:28
|
quote: Originally posted by dave4477
quote: Originally posted by tkizer Not only should you change your port, but you should also put SQL Server behind a firewall so that it's in the back DMZ. Then you would create firewall rules so that only the trusted servers (your web server) can make it through the firewall and into SQL Server.
What kind of firewall would you recommend? My router has some built-in firewall features but not many.
I'm not a network person, so I can't help you with that. I work for a large corporation, so we have specialized people for every area. My specialty is SQL Server.
But here is basically how our environment is configured:
Front DMZ firewall - Allows requests over port 80 and perhaps other ports
==============
Web Server
Back DMZ firewall - Allows requests over SQL port, and perhaps only from certain MAC addresses or IP addresses
==============
SQL Server, back-end application servers
Tara Kizer
http://weblogs.sqlteam.com/tarad/ |
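Added example, not part of any post in this thread: a Python sketch that tallies failed-login lines from a SQL Server error log per client IP and marks which sources fall outside the trusted set that the back firewall described above is meant to enforce. The log lines, IP addresses, database name and function names are constructed for illustration; it assumes failed-login auditing is enabled so the log carries "Login failed for user ... [CLIENT: ...]" messages.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample lines in the shape of SQL Server error-log entries.
SAMPLE_LOG = """\
2007-03-16 11:30:01.12 Logon       Error: 18456, Severity: 14, State: 8.
2007-03-16 11:30:01.12 Logon       Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2007-03-16 11:30:01.90 Logon       Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2007-03-16 11:30:02.31 Logon       Login failed for user 'admin'. [CLIENT: 198.51.100.23]
2007-03-16 11:30:03.02 Logon       Login failed for user 'webapp'. [CLIENT: 192.0.2.10]
2007-03-16 11:30:03.40 Logon       Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2007-03-16 11:30:04.00 spid51      Starting up database 'orders'.
2007-03-16 11:30:04.00 Logon       Login failed for user 'sa'. [CLIENT: <local machine>]
"""

# Matches the failed-login message; tolerates extra text before [CLIENT: ...].
FAILED = re.compile(r"Login failed for user '(?P<user>[^']*)'\..*\[CLIENT: (?P<client>[^\]]+)\]")

def parse_failed_logins(text):
    """Yield (user, client) for each failed-login line; client may not be an IP."""
    for line in text.splitlines():
        m = FAILED.search(line)
        if m:
            yield m.group("user"), m.group("client").strip()

def summarize(text, trusted_networks, threshold=3):
    """Return per-IP failure counts, busiest first, with allow-list status."""
    nets = [ip_network(n) for n in trusted_networks]
    per_ip, users = Counter(), {}
    for user, client in parse_failed_logins(text):
        try:
            ip = str(ip_address(client))
        except ValueError:
            continue  # "<local machine>" and similar are not network sources
        per_ip[ip] += 1
        users.setdefault(ip, set()).add(user)
    report = []
    for ip, count in per_ip.most_common():
        trusted = any(ip_address(ip) in n for n in nets)
        report.append({"ip": ip, "failures": count, "users": sorted(users[ip]),
                       "trusted": trusted,  # False: the firewall should not let it in
                       "repeated": count >= threshold})
    return report

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG, ["192.0.2.10/32"]):  # assumed web server IP
        print(row)
```

Any row with `trusted` set to False means the SQL port is reachable from a host the firewall rules should have stopped.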
 |
|
iminore
Posting Yak Master
141 Posts |
Posted - 2008-11-24 : 14:12:07
|
I'm suddenly getting loads of failed 'sa' logins, even though I've disabled remote connections. The IP address is apparently in Barcelona, where I holidayed a couple of weeks ago. How do I see the port that is open to SQL?
Just because I'm paranoid doesn't mean they ain't after me!
My word is my code. |
 |
|
iminore
Posting Yak Master
141 Posts |
Posted - 2008-11-24 : 14:12:35
|
Oh this is on SQL 2005 Express
My word is my code. |
 |
|
tkizer
Almighty SQL Goddess
38200 Posts |
|
|