September 4, 2002 at 9:16 am
I have an unknown person probing the SA password to access my production database. Since the authentication fails, I can't figure out how to determine host name or NT id for the logon failure. I tried tracing login failures, but some of our boxes are using TCP/IP in the ODBC and the trace doesn't seem to pick up the NT id, without Named Pipes. Any
September 4, 2002 at 9:24 am
Is it possible for you to change the port of your SQL Server just to add a small obscurity layer? Do you have a lot of installations that depend on the normal 1433?
- Troy King
- Troy King
September 4, 2002 at 9:37 am
Try running a network sniffer for a while perhaps? Network Monitor from MS is good or there's our free sniffer NGSSniff.
http://www.nextgenss.com/software/ngssniff.html .
Being a product box you'll probably get a lot of traffic you'll have to sift through but it will pinpoint the origin of the attack.
Cheers,
David Litchfield
NGSSoftware
September 5, 2002 at 12:50 am
quote:
http://www.nextgenss.com/software/ngssniff.html
David, I've been trying to download both NGSSniffer and NGSSquirrel a while now, but your registration process is not working. No matter which of my emailaddresses I use it just says that it is an incorrect address. I haven't bothered emailing you guys, but since you're here, I thought I'd post it.
Chris Hedgate @ Apptus Technologies (http://www.apptus.se)
September 5, 2002 at 7:25 am
The Server versions of the Windows OSes give you the ability to install Microsoft's Network Monitor. If you are using Windows 2000:
Start | Settings | Control Panel | Add/Remove Windows Components | Management and Monitoring Tools | Network Monitor Tools.
This will allow you to perform network traces on the server. You may need to expand the default buffer size, however.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
K. Brian Kelley
@kbriankelley
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply