Posted by serge on 06/16/05 19:12

I am not a security expert so you'll still have to search more on this
topic. What I would do is turn on SQL Server auditing for Failure.
Do properties on your SQL server in SQL EM, Security tab, Audit Level.

If you say there are 2 users but don't know the users. Do you mean
you have 2 IPs that keep hitting your SQL server every .02 second?
Those IPs, why don't you have them blocked if you don't know if
they are valid IPs or someone trying to attack your SQL Server
or like you say some software is hitting your SQL server non-stop?

Can you run SQL Profiler and see if you can see what is being run
by those two "users" every .02 seconds?




> Well.. they are logging in over the internet.. So even if i know the
> computer name, it will not help me that much (since there are hundreds
> and hundreds of people logging in all the time).
>
> Also, will the user be listed in active connections evey though his
> login fails? or if he logs in and logs out very quickly? I believe his
> software islogging in and out very quickly (many many many times a
> second).
>
>
> What do you'll think?

[Back to original message]