April 30, 2009 at 11:48 am
I'm noticing in my error logs that for 1 to 2 seconds, on several different days now, the error that Login failed for user ' ' - for EVERY user on my server. This seems to be happening on many of my physical servers.
All of my physical servers are behind a firewall. I do NOT notice any suspicious files and my virus scans turn up nothing.
We recently deployed a remote virus scanner, however this was deployed to the servers after I the messages started.
Again, it's only happened a few times, and only for a few seconds.. nothing to really indicate an attack??
Anyone else experience this?
April 30, 2009 at 12:39 pm
Anyone using any tools such as Idera's password checker to audit your logins? Basically a purposeful brute force attack using many passwords to discover what has weak/blank/or same as login passwords. This is something I do somewhat regularly to audit the environment. First time I did it, I forgot that I ran it and was freaked out just like you were ... I'd ensure that no one is purposely checking your logins first.
At the least, put up a trace and watch the activity ...
April 30, 2009 at 12:55 pm
Is it every login, as in someone is walking down logins, or is it just a subset that might normally log in?
Are people really having issues logging in? slowness or failed messages for clients?
May 1, 2009 at 9:37 am
Thanks to everyone for their thoughts, I did find out it was a sql server security checker that I did not know was deployed (how nice!)
Fortunately I passed 😉
May 1, 2009 at 10:03 am
Thanks, can you let us know which checker?
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply