kpgraci Posted July 18, 2011

level: novice

First, I found IPSecPol.exe for Windows 2000; does it exist for 2008 also?

What I want to do, and there may be a better way to do it: My SQL Server sa account gets attacked constantly. I've renamed and disabled it, but the SQL error log fills up with failed attempts to log in to the missing sa account. I can monitor the logs and find the IP address, so if I had a command-line way to block an IP address I could do that while the attack was happening.

I know I could just not use SQL authentication, but this is not an option right now. Also, I could enforce password policies and lock out the user after so many failed attempts, but I don't know if this will work because the sa account does not exist...I renamed it. I'm not worried about the hacker getting in, I just don't want my SQL log files to grow 70MB every 3-4 hours.

So I know that IPSecPol.exe can do the same thing as the snap-in...so that's what I'm looking for.
kpgraci (Author) Posted July 18, 2011

Resolved: I already had an IPSecPol in place to block IP addresses, so all I needed to do was scan the log file, say every minute, and call a batch file with this in it:

    netsh ipsec static add filter filterlist="Block_IPs" srcaddr="ip_here" dstaddr="any"

Inspired by this: http://blogs.msdn.com/b/sql_protocols/archive/2006/04/10/572605.aspx and the program written by CGDesign, which I did not use (don't know them) but I'll credit them with the solution.
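The log-scan step described in the post above, as an added Python example that is not the poster's or CGDesign's code: it counts failed logins per client address and builds the netsh line from the post for each address over a threshold. The log lines are constructed samples, and the threshold, allowlist and function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the SQL Server error-log style (not from the post).
SAMPLE_LOG = """\
2011-07-18 10:15:01.12 Logon       Error: 18456, Severity: 14, State: 5.
2011-07-18 10:15:01.12 Logon       Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2011-07-18 10:15:02.40 Logon       Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2011-07-18 10:15:03.77 Logon       Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2011-07-18 10:15:04.05 Logon       Login failed for user 'app'. [CLIENT: 192.0.2.10]
2011-07-18 10:15:05.31 Logon       Login failed for user 'x [CLIENT: 192.0.2.10]'. [CLIENT: 198.51.100.4]
2011-07-18 10:15:06.02 Logon       Login failed for user 'sa'. [CLIENT: <local machine>]
""".splitlines()

# The login name is attacker-controlled text, so trust only the CLIENT field
# that ends the line, never one embedded earlier in the message.
FAILED = re.compile(r"Login failed for user '.*\[CLIENT: ([^\]]+)\]\s*$")


def failed_login_sources(lines):
    """Yield the source address of each failed login as an ip_address object."""
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        try:
            yield ipaddress.ip_address(m.group(1).strip())
        except ValueError:
            continue  # "<local machine>", named pipes, or malformed text


def addresses_to_block(lines, threshold=3, allowlist=()):
    """Return addresses with at least `threshold` failures, minus the allowlist."""
    allowed = {ipaddress.ip_address(a) for a in allowlist}
    counts = Counter(failed_login_sources(lines))
    hits = [ip for ip, n in counts.items() if n >= threshold and ip not in allowed]
    return sorted(hits, key=lambda ip: (ip.version, int(ip)))


def netsh_command(ip, filterlist="Block_IPs"):
    """Build the netsh line from the post for one validated address."""
    return f'netsh ipsec static add filter filterlist="{filterlist}" srcaddr="{ip}" dstaddr="any"'


if __name__ == "__main__":
    for ip in addresses_to_block(SAMPLE_LOG, allowlist=["192.0.2.10"]):
        print(netsh_command(ip))
```

Parsing the address with ipaddress before it reaches the command line keeps text from the log out of the netsh arguments, and the allowlist keeps the application servers' own addresses from being blocked after a burst of mistyped passwords.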