SQL Injection

  • NotManyPoints (2/4/2009)


    sunning in the caribbean.:cool:

    That is me..... I live in the Caribbean 😎

    -Roy

  • Roy Ernest (2/4/2009)


    NotManyPoints (2/4/2009)


    sunning in the caribbean.:cool:

    That is me..... I live in the Caribbean 😎

    Go ahead, rub it in! 😛

  • Roy Ernest (2/4/2009)

    That is me..... I live in the Caribbean 😎

    nice

    -------------------------------------------------------------
    "It takes 15 minutes to learn the game and a lifetime to master"
    "Share your knowledge. It's a way to achieve immortality."

  • LOL @Lynn... That is one advantage of living in the Caribbean. It is sunny and bright.... Even in the middle of winter, it is 23 degrees minimum 😎

    -Roy

  • As to the question of how someone could go 6 years without knowing about SQL injection: bear in mind that for the first year or so the attack was not that widely known, and even after that it may have been considered more the province of the lazy developer doing 'on the fly SQL' (something no self-respecting DBA would ever do). For example, the MSDN Mag article (for which my wife wrote a sidebar) didn't appear until September of 2004.

    So if someone was mostly working on systems that were not exposed to untrusted users, behind firewalls where 'security' was mainly the province of the IT and networking folks, and especially if working at higher levels like DB architecture etc., I think it's entirely possible for them to not have been exposed to it.

    I'm not sure how realistic that is, but I'm saying it IS possible for someone to be very good and experienced and just never needed to know about it.

    But on the other hand, the OP would seem to have thought, based on the way the question was asked, that injection was some kind of technique or tactic like a datacube. So it would seem that they had only heard the term without ANY frame of reference to it being a vulnerability that is exploited by hackers.

    Now, as to the lighter side of things:

    The_SQL_DBA (2/4/2009)


    but I am sure most of us understand the importance of forums such as these, so what if it is the most basic question..not to mention it is funny at times when Steve posts a QuestionOfTheDay that has 10 points and all it involves is humour and guess what the % correct is sometimes as low as 50%..

    Thanks!!

    Perhaps all that tells you is that 50% of DBAs have no sense of humor. 😀

    Then again, potentially, depending on the population here of non-DBAs, it's entirely possible they are responsible for the correct answers and that 100% of DBAs have no sense of humor... especially since we've established in the above thread that most of us are 'not DBAs' (at least according to some strict all-knowing definitions). 😛

  • I got one new external IP from the SQL Server errorlog, an error like 'Login failed for user ... client [external IP address]'.

    I know that this is not our company's internal IP. So, has someone hacked or tried to access our SQL Server?

    How can I come to know?

    _____________________________________________________________________________________________________________
    Paresh Prajapati
    ➡ +919924626601
    http://paresh-sqldba.blogspot.com/
    LinkedIn | Tweet Me | FaceBook | Brijj

  • Paresh Prajapati (2/4/2009)


    I got one new external IP from the SQL Server errorlog, an error like 'Login failed for user ... client [external IP address]'.

    I know that this is not our company's internal IP. So, has someone hacked or tried to access our SQL Server?

    How can I come to know?

    Two things here. First, you probably should have started a new thread with this. Second, this looks like something you should take up with your network services (or whatever they are called) that are responsible for your firewall and network infrastructure.

  • Also have a good look at the IP itself: is it a non-routable IP such as a 10.10 or 192.168? If it is, then it MIGHT have come from inside your network due to a system that didn't get a proper IP address and punted, creating its own address on the fly, or someone accidentally putting up a rogue DHCP server.

    Probably good to get your networking guys involved to be sure.

    You could also submit the IP to a 'whois' site (there are ones for various regions of the world, such as the ARIN (American Registry of Internet Numbers) whois site, which has links to the others). That can tell you where the IP is located, and who owns the address range from which it came.

    If the SQL server is not in a network DMZ or otherwise externally facing, and the address truly originated outside your company (not just someone's system inside the company with a 'bad' IP address), then your networking guys "have some 'splaining to do" as to how that system was even able to attempt connecting to your SQL server.
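The triage the two posts above describe (pull the client addresses out of the "Login failed" lines, check whether each is a non-routable range that points back inside the network, and hand the rest to the network team) can be done with a short script. The code below is an added example, not something posted in the thread; the errorlog lines are constructed, and 203.0.113.0/24 is a documentation range standing in for a routable address.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample errorlog lines (not taken from the thread). The shape
# mirrors SQL Server's "Login failed" message with its "[CLIENT: ...]" tag.
SAMPLE_ERRORLOG = """\
2009-02-04 08:12:31.45 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2009-02-04 08:12:32.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2009-02-04 08:15:02.77 Logon       Login failed for user 'reports'. Reason: Could not find a login matching the name provided. [CLIENT: 192.168.1.23]
2009-02-04 08:16:44.03 Logon       Login failed for user 'appuser'. Reason: Password did not match that for the login provided. [CLIENT: 169.254.10.7]
2009-02-04 08:17:10.00 Logon       Login failed for user 'DOMAIN\\svc_backup'. Reason: Token-based server access validation failed. [CLIENT: <local machine>]
2009-02-04 08:20:00.00 spid52      Starting up database 'tempdb'.
"""

# Ranges that cannot have arrived over the public internet; a hit from one of
# these points back inside the network (misconfigured host, APIPA fallback,
# rogue DHCP), which is the case the post above describes.
INTERNAL_RANGES = (
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
    ("private (RFC 1918)", ipaddress.ip_network("10.0.0.0/8")),
    ("private (RFC 1918)", ipaddress.ip_network("172.16.0.0/12")),
    ("private (RFC 1918)", ipaddress.ip_network("192.168.0.0/16")),
    ("link-local / APIPA", ipaddress.ip_network("169.254.0.0/16")),
)

LOGIN_FAILED = re.compile(
    r"Login failed for user '(?P<user>[^']*)'.*?\[CLIENT: (?P<client>[^\]]+)\]"
)


def classify_client(client):
    """Label the CLIENT value from a 'Login failed' line."""
    client = client.strip()
    if client == "<local machine>":          # SQL Server's tag for local connections
        return "local machine"
    try:
        ip = ipaddress.ip_address(client)
    except ValueError:
        return "unparseable"
    for label, net in INTERNAL_RANGES:
        if ip in net:                        # version mismatch simply returns False
            return label
    return "routable (not a known internal range)"


def parse_failed_logins(errorlog_text):
    """Return one record per 'Login failed' line; other errorlog lines are skipped."""
    events = []
    for line in errorlog_text.splitlines():
        m = LOGIN_FAILED.search(line)
        if m is None:
            continue
        events.append({
            "user": m.group("user"),
            "client": m.group("client"),
            "category": classify_client(m.group("client")),
        })
    return events


def summarize(events):
    """Counts per (client, category), the clients to escalate, and attempts on sa."""
    per_client = Counter((e["client"], e["category"]) for e in events)
    escalate = sorted({e["client"] for e in events
                       if e["category"].startswith("routable")})
    sa_attempts = sum(1 for e in events if e["user"].lower() == "sa")
    return {"per_client": per_client, "escalate": escalate, "sa_attempts": sa_attempts}


if __name__ == "__main__":
    report = summarize(parse_failed_logins(SAMPLE_ERRORLOG))
    for (client, category), n in report["per_client"].most_common():
        print(f"{n:3d}  {client:20s} {category}")
    print("escalate to network team:", report["escalate"])
    print("attempts against sa:", report["sa_attempts"])
```

Anything in the "routable" bucket is what goes to the network team (and to a whois lookup); the private and link-local buckets are the "bad IP inside the company" case, and a run of failures against `sa` is the signal for the strong-password check raised later in the thread.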

  • Lynn Pettis (2/4/2009)


    Paresh Prajapati (2/4/2009)


    I got one new external IP from the SQL Server errorlog, an error like 'Login failed for user ... client [external IP address]'.

    I know that this is not our company's internal IP. So, has someone hacked or tried to access our SQL Server?

    How can I come to know?

    Two things here. First, you probably should have started a new thread with this. Second, this looks like something you should take up with your network services (or whatever they are called) that are responsible for your firewall and network infrastructure.

    I asked the network people but they don't know how this is accessed from this IP.

    _____________________________________________________________________________________________________________
    Paresh Prajapati
    ➡ +919924626601
    http://paresh-sqldba.blogspot.com/
    LinkedIn | Tweet Me | FaceBook | Brijj

  • If they say that this is not an IP that they know of, that means you are in trouble. You should not be getting any hits on the DB from an external IP. That means your network is going to be compromised pretty soon.

    Is your DB accessible from the outside world? What I mean is, is your DB not in a DMZ? If that is the case, you will have lots of problems.

    -Roy

  • It looks to me like someone might be trying to give you a real life example of SQL Injection.

    Hopefully this machine is not internet facing and has been properly secured and patched.

    And if the attempt was to login as SA, make sure you have a strong password.

    Greg E

  • What are the first two octets of the IP address?

    Did you try running it through one of the whois links provided above?

  • Greg Edwards (2/6/2009)


    It looks to me like someone might be trying to give you a real life example of SQL Injection.

    Hopefully this machine is not internet facing and has been properly secured and patched.

    And if the attempt was to login as SA, make sure you have a strong password.

    Greg E

    Nah, if an attacker can gain direct access to the SQL server they don't need to use injection.

    SQL injection is generally always used to access the server via some other 'proxy', typically a UI of something like a web application (or even a native mode application, although that's less common). It's a way to access the SQL server when you can't talk to it directly.

    Now, they might use it as a precursor to talking directly to the server (presuming they could manage that also), perhaps by creating users or other things that could be done via scripted queries if the user executing them hasn't been restricted to the minimum rights needed to do its job. Why heck, if the cmdshell stored proc is present and active, and the user executing the queries for the front end can execute it, then pretty much all bets are off, because then people can even create local users on the box via things like old NTLM command line functions that are still present, such as 'net user'.

    But my point is, once someone is talking directly to the SQL server, they've generally left injection behind and are on to more direct attacks.
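The post above makes the point that injection rides the application's own query path to the server. The added example below (not from the thread; the table and inputs are constructed, and SQLite stands in for the database so it runs offline) shows the 'on the fly SQL' the earlier post mentioned beside its parameterized replacement: the first lets a quote in the input change the statement, the second keeps the statement fixed and passes the value as data.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the application's database (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "reader"), ("carol", "reader")],
    )
    return conn


def lookup_vulnerable(conn, name):
    """'On the fly' SQL: the untrusted value is pasted into the statement text,
    so a quote in the input changes the query the server actually parses."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_parameterized(conn, name):
    """Parameterized query: the statement text is fixed and the value travels
    separately, so the server treats it as data, never as SQL."""
    sql = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))


def run_demo():
    """Run both lookups with a benign name and with a quote-bearing input."""
    conn = make_db()
    tainted = "x' OR 'a'='a"   # constructed input containing a single quote
    return {
        "benign_vulnerable": lookup_vulnerable(conn, "bob"),
        "benign_parameterized": lookup_parameterized(conn, "bob"),
        "tainted_vulnerable": lookup_vulnerable(conn, tainted),
        "tainted_parameterized": lookup_parameterized(conn, tainted),
    }


if __name__ == "__main__":
    for label, rows in run_demo().items():
        print(f"{label:24s} -> {rows}")
```

With the benign name both functions return the same row; with the tainted input the concatenated version returns every user while the parameterized one returns nothing, because the whole string is compared as a name. On SQL Server the same split is parameterized commands (SqlParameter, or sp_executesql with declared parameters) rather than string-built batches, combined with the least-privilege point made above: the login the front end uses should hold only the rights its queries need, so that even a successful injection cannot reach procedures like xp_cmdshell.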

  • Paresh Prajapati (2/5/2009)


    I asked the network people but they don't know how this is accessed from this IP.

    Ask them to find out. Network security is their business and an unknown IP on the network is in their area to fix.

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass

  • GilaMonster (2/6/2009)


    Paresh Prajapati (2/5/2009)


    I asked the network people but they don't know how this is accessed from this IP.

    Ask them to find out. Network security is their business and an unknown IP on the network is in their area to fix.

    Ask only? Demand he should. Possible breach of security and concerned they aren't?
