What a SQL Server Logon Attack Looks Like

That goes on for about eternity to the tune of about 11 or 12 times a second. Maybe putting that port 1433 pinhole in the firewall wasn't a hot idea. Duh.
And some info on my attacker:

C:\Share\Backups\GRETCHEN\Data\DB\SQL2K5>tracert 71.170.25.99

Tracing route to static-71-170-25-99.dllstx.fios.verizon.net [71.170.25.99]
over a maximum of 30 hops:

1 * * 1 ms 192.168.10.2
2 12 ms 11 ms 12 ms bras1-l0.mrdnct.snet.net [204.60.4.34]
3 10 ms 10 ms 9 ms dist1-vlan60.mrdnct.sbcglobal.net [66.159.184.226]
4 9 ms 9 ms 10 ms bb1-10g2-0.mrdnct.sbcglobal.net [151.164.92.147]
5 13 ms 13 ms 13 ms bb1-p8-0.nycmny.sbcglobal.net [151.164.92.162]
6 17 ms 209 ms 218 ms ex2-p8-0.eqnwnj.sbcglobal.net [151.164.41.246]
7 14 ms 13 ms 12 ms 70.245.63.206
8 13 ms 13 ms 13 ms asn3491.eqsjca.sbcglobal.net [151.164.249.38]
9 14 ms 13 ms 13 ms so-7-1-0-0.BB-RTR1.NWRK.verizon-gni.net [130.81.17.156]
10 18 ms 18 ms 27 ms so-7-3-0-0.BB-RTR1.PHIL.verizon-gni.net [130.81.19.56]
11 22 ms 22 ms 21 ms 130.81.19.118
12 41 ms 40 ms 40 ms so-7-1-0-0.BB-RTR2.ATL01.verizon-gni.net [130.81.19.35]
13 68 ms 68 ms 67 ms so-7-3-0-0.BB-RTR2.DFW01.verizon-gni.net [130.81.19.20]
14 68 ms 68 ms 68 ms P11-0.LCR-02.DLLSTX.verizon-gni.net [130.81.29.179]
15 68 ms 68 ms 68 ms P12-0.LCR-04.DLLSTX.verizon-gni.net [130.81.27.205]
16 70 ms 69 ms 69 ms P1-0.VFTTP-09.DLLSTX.verizon-gni.net [130.81.48.123]
17 70 ms 72 ms 70 ms static-71-170-25-99.dllstx.fios.verizon.net [71.170.25.99]

Trace complete.

C:\Share\Backups\GRETCHEN\Data\DB\SQL2K5>ping 71.170.25.99

Pinging 71.170.25.99 with 32 bytes of data:

Reply from 71.170.25.99: bytes=32 time=74ms TTL=121
Reply from 71.170.25.99: bytes=32 time=71ms TTL=121
Reply from 71.170.25.99: bytes=32 time=70ms TTL=121
Reply from 71.170.25.99: bytes=32 time=70ms TTL=121

Ping statistics for 71.170.25.99:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 70ms, Maximum = 74ms, Average = 71ms

In times past I may have aimed a few servers on different T1 connections to call down the thunder on these folks, but everybody has a broadband connection these days.
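
One way to spot this pattern from the server side, as an added example that is not part of the original post: the Python below counts failed logins per client address in a sliding window over SQL Server error log lines. The log lines are constructed in the SQL Server 2005 error log layout; the 'sa' and 'appuser' logins, the internal client 192.168.10.50, the timestamps, and the 50-failures-in-10-seconds threshold are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Failed-login message (error 18456) as written to the SQL Server error log.
FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\..*\[CLIENT: (?P<ip>[^\]]+)\]"
)

def find_bruteforce(lines, window_s=10, threshold=50):
    """Map each client IP with >= threshold failed logins inside any
    window_s-second span to its peak count, total, and targeted logins."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)      # ip -> timestamps still inside the window
    stats = defaultdict(lambda: {"peak": 0, "total": 0, "users": set()})
    for line in lines:               # the error log is assumed chronological
        m = FAILED.match(line)
        if not m:
            continue                 # e.g. the paired "Error: 18456, ..." line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        ip = m["ip"].strip()
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:   # drop attempts that aged out of the window
            q.popleft()
        s = stats[ip]
        s["total"] += 1
        s["peak"] = max(s["peak"], len(q))
        s["users"].add(m["user"])
    return {ip: s for ip, s in stats.items() if s["peak"] >= threshold}

def constructed_sample():
    """Constructed log lines: 11 failures/second for 10 s from the address in
    the post, plus two mistyped passwords from a hypothetical internal client."""
    lines = []
    for sec in range(10):
        for n in range(11):
            stamp = f"2008-01-01 03:00:{sec:02d}.{n:02d}"
            lines.append(f"{stamp} Logon       Error: 18456, Severity: 14, State: 8.")
            lines.append(f"{stamp} Logon       Login failed for user 'sa'. [CLIENT: 71.170.25.99]")
    for sec in (2, 40):
        lines.append(f"2008-01-01 03:01:{sec:02d}.00 Logon       "
                     "Login failed for user 'appuser'. [CLIENT: 192.168.10.50]")
    return lines

if __name__ == "__main__":
    for ip, s in find_bruteforce(constructed_sample()).items():
        print(ip, s["peak"], s["total"], sorted(s["users"]))
```

The occasional mistyped password from the internal client stays under the threshold, so only the sustained source is reported.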