how can I log 'hackers' failed attempts to login w/ip

Hello, I have a db server that has to be open to the internet.. and I
get 'hackers' trying to login to sa/power all day.

The thing is, the connection is 'force encryption' , so I cannot sniff
the traffic.. and since these 'hackers' are using their own tools, I
cannot tell their client software to send me their IP. (I know i
canget their hostname via C2 audits)


So basically, how do I monitor for these things and how to auto block
IPs.


any ideas?


thanks
Leee

Hi

As well as changing the hostname they also probably falsifying their IP
address. If you really have to leave the database open to the internet, then
you may want to block unknow IP addresses at the firewall. You should also
make sure that you are not using the default ports.

Depending on what you are doing, you may want to consider using a web
service or some other interim application as the means to communicate with
your database, you can then keep a tighter control over who/what connects.

John

"trend" <trend42@hotmail-dot-com.no-spam.invalid> wrote in message
news:Ru- dncm8YPCz93HfRVn_vA@
giganews.com...
> Hello, I have a db server that has to be open to the internet.. and I
> get 'hackers' trying to login to sa/power all day.
>
> The thing is, the connection is 'force encryption' , so I cannot sniff
> the traffic.. and since these 'hackers' are using their own tools, I
> cannot tell their client software to send me their IP. (I know i
> canget their hostname via C2 audits)
>
>
> So basically, how do I monitor for these things and how to auto block
> IPs.
>
>
> any ideas?
>
>
> thanks
> Leee
>