 IP trap in sql server


AskSQLTeam
Ask SQLTeam Question

0 Posts

Posted - 2005-08-01 : 15:03:07
harsh kumar writes "Hi,
How can I trap the IP of a failed login in our SQL Server?
Thanks
Harsh Kumar"

eyechart
Master Smack Fu Yak Hacker

3575 Posts

Posted - 2005-08-01 : 16:51:56
I don't know of a bulletproof way to do this.

The standard auditing that you can turn on for SQL Server only tracks that a login for a user failed. You get a message like this:

Login failed for user 'test'

SQL Profiler looks promising, but it doesn't really deliver what you need either. If you set up a trace for failed logins and select 'Hostname' as a data column you will notice that sometimes that data appears and sometimes it doesn't. This is because the application trying to connect to SQL Server controls setting the hostname and application name. This also means it can be inaccurate. If someone was trying to get at your data, they could spoof the hostname.

You might try looking at enabling the C2 auditing level in SQL Server. This might get you the information you need, although I have never used it. It is kind of an all or nothing deal, with no configuration to which data to filter on. Here is the info on setting that up: http://www.microsoft.com/technet/security/prodtech/sqlserver/sql2kaud.mspx#EDAA

This leads to third party apps, like the SOX auditing applications. I have not tried any of them, but this should be a feature. I think Lumigent, Idera, Imceda and ApexSQL all have auditing tools that you can try.




-ec
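An added example, not part of the original thread: a server-side version of the failed-login trace described in the post above, built with SQL Server's sp_trace_* procedures. The output path and the 50 MB size cap are assumptions; the host and application names are whatever the client reports, so treat them as hints rather than evidence.

```sql
-- Added example: server-side trace for failed logins (run as a sysadmin).
-- Assumed values: output path C:\Traces\failed_logins and the 50 MB cap.
DECLARE @traceid int, @rc int, @on bit, @maxsize bigint
SET @on = 1
SET @maxsize = 50

-- Option 2 = roll over to a new file when @maxsize is reached.
-- SQL Server appends the .trc extension itself.
EXEC @rc = sp_trace_create @traceid OUTPUT, 2, N'C:\Traces\failed_logins', @maxsize, NULL
IF @rc <> 0
BEGIN
    RAISERROR('sp_trace_create failed with code %d', 16, 1, @rc)
    RETURN
END

-- Event 20 = Audit Login Failed. Data columns to capture:
EXEC sp_trace_setevent @traceid, 20, 1,  @on   -- TextData
EXEC sp_trace_setevent @traceid, 20, 6,  @on   -- NT user name
EXEC sp_trace_setevent @traceid, 20, 8,  @on   -- host name (client-supplied)
EXEC sp_trace_setevent @traceid, 20, 10, @on   -- application name (client-supplied)
EXEC sp_trace_setevent @traceid, 20, 11, @on   -- login name
EXEC sp_trace_setevent @traceid, 20, 12, @on   -- SPID
EXEC sp_trace_setevent @traceid, 20, 14, @on   -- StartTime

EXEC sp_trace_setstatus @traceid, 1   -- 1 = start the trace
SELECT @traceid AS trace_id           -- note this id; it is needed to stop the trace

-- Later: stop (0) and close (2) the trace, then read the file back.
-- EXEC sp_trace_setstatus <trace_id>, 0
-- EXEC sp_trace_setstatus <trace_id>, 2
-- SELECT * FROM ::fn_trace_gettable(N'C:\Traces\failed_logins.trc', DEFAULT)
```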

Kristen
Test

22859 Posts

Posted - 2005-08-02 : 01:26:26
If your server is being hammered by some hacking attack you could change the port it is listening on ... that has solved the problem on our servers that "need to be" wide open to the world.

Kristen