Re: Re: Re: How find user is sending a packet every .02 sec to M — MsSQL Server

You are here: Re: Re: Re: How find user is sending a packet every .02 sec to M « MsSQL Server « IT news, forums, messages

Posted by pigeon on 06/21/05 00:35

"serge" wrote:
>I am not a security expert so you�ll still have to search more
>on this
>topic. What I would do is turn on SQL Server auditing for Failure.
>Do properties on your SQL server in SQL EM, Security tab, Audit
Level.
>
>If you say there are 2 users but don�t know the users. Do you
>mean
>you have 2 IPs that keep hitting your SQL server every .02 second?
>Those IPs, why don�t you have them blocked if you don�t
>know if
>they are valid IPs or someone trying to attack your SQL Server
>or like you say some software is hitting your SQL server non-stop?
>
>Can you run SQL Profiler and see if you can see what is being run
>by those two "users" every .02 seconds?
>
>
>
>
>> Well.. they are logging in over the internet.. So even if i know
>the
>> computer name, it will not help me that much (since there are
>hundreds
>> and hundreds of people logging in all the time).
>>
>> Also, will the user be listed in active connections evey though
>his
>> login fails? or if he logs in and logs out very quickly? I
>believe his
>> software islogging in and out very quickly (many many many times
>a
>> second).
>>
>>
>> What do you�ll think?</font>

Well.. I found their hostname (server) through profiler.. And i see
they are trying to login to �sa� account.. but i wouldn�t think
trying to login (every 5seconds or so) would result in me getting
packets from that IP every .02 seconds...

What can I do after this? I guess i could block their ip via my cisco
PIX firwall.. but is there anyway to automatically block a user that
tries to login to �sa�? From what I have read, SQL doesn�t have a
feature to block users based on their ip

thanks for any suggestions!

--
Posted using the http://www.dbforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.dbforumz.com/General-Discussions-find-user-packet-02-sec-MS-SQL-ftopict232446.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.dbforumz.com/eform.php?p=810667

Navigation:

Next in forum: Re: deadlocks involving parallelism
Prev in forum: Re: Problem converting rows to a string
Thread view: Re: Re: Re: How find user is sending a packet every .02 sec to M

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация