December 2, 2003 at 10:59 am
Hi all,
On a particular sql server(2000/2000), I have a few failed login attempts that happen over and over. Not frequently enought that I suspect an attack, more likely an old app that is still attempting to connect. I can see the event in the application log, and I can see it when I run a trace, however neither of these yields any information about the origin of the login attempt. I included HostName in the trace, but that is blank for these login attempts so it is most likely from outside of my network.
Is there an easy way to determine where these login attempts are coming from within SQL Server? I have ethereal installed on the box and I am ready to run a scan, but before I read through all that data I thought I would check here!
Thanks,
Dan B
December 3, 2003 at 8:53 am
John Howie wrote a good article about this see http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/prodtech/dbsql/sql2kaud.asp
Francis
December 3, 2003 at 9:00 am
Thanks fhanlon. I will see if I can apply that to my situation.
-Dan B
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply