防止远程登录尝试 [英] Preventing Remote Login Attempts
问题描述
大家好,
希望有人可以帮忙解决这个问题。我们有一个外部服务,协助我们公司。他们需要访问我们的SQL服务器,因此我们必须向他们打开1433.
在我们的路由器中,我们将源限制为仅为其IP地址。这工作了多年。最近刚出现了一系列EventID 18456错误(用户'sa'登录失败。原因:密码与提供的登录名不一致。[客户:
<不同的IP>])。 每次客户都不同,他们以每秒1秒的速度进入,每次约1小时,然后再休息几个小时。通常每24小时不超过3次攻击。
我有点难过这是如何发生的,因为唯一能够从防火墙进入的IP地址路由器是来自外部公司的路由器。显然,其他人正在顺利通过。
任何想法或帮助都将受到赞赏。
如果获得不同的IP地址,则说明防火墙配置不正确。
当您将服务器打开到Internet以尝试登录失败时,这种情况非常常见。 有大量恶意软件和病毒试图登录到端口1433. 至少为了保护自己,你应该将端口号
更改为1433以外的其他东西,并使用端口转发来获得1433用于你真正想要工作的IP。
Hi All,
Hopefully someone can help solve this issue. We have an outside service that is assisting our company. They need access to our SQL server so we had to open 1433 to them.
In our router we limited the source to only be their IP address. Which was working for years. Just recently however there have been a run of EventID 18456 errors(Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: <different IPs>]). And the client is different each time, they come in at a rate of 1 a second for about one hour at a time then a few hours break then again. usually no more than 3 attacks per 24 hour period.
I'm kind of stumped in how this is happening as the only IP Address that should be able to get in the firewall from the router is the one from the outside company. Clearly others are getting through though.
Any thoughts or help would be appreciated.
If you are getting different IP addresses, then you firewall is not configured correctly.
It is very common when you open your server up to the Internet to get failed attempted logins. There are tons of malware and viruses which attempt to login to port 1433. At the very least to protect yourself, you should change the port number to something other than 1433 outside and use port forwarding to get to 1433 for the IPs you actually want to work.
这篇关于防止远程登录尝试的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
