Wednesday, January 02, 2008

What a SQL Server Logon Attack Looks Like

That goes on for about eternity to the tune of about 11 or 12 times a second. Maybe putting that port 1433 pinhole in the firewall wasn't a hot idea. Duh.

And some info on my attacker:

C:\Share\Backups\GRETCHEN\Data\DB\SQL2K5>tracert 71.170.25.99

Tracing route to static-71-170-25-99.dllstx.fios.verizon.net [71.170.25.99]
over a maximum of 30 hops:

  1     *        *        1 ms  192.168.10.2
  2    12 ms    11 ms    12 ms  bras1-l0.mrdnct.snet.net [204.60.4.34]
  3    10 ms    10 ms     9 ms  dist1-vlan60.mrdnct.sbcglobal.net [66.159.184.226]
  4     9 ms     9 ms    10 ms  bb1-10g2-0.mrdnct.sbcglobal.net [151.164.92.147]
  5    13 ms    13 ms    13 ms  bb1-p8-0.nycmny.sbcglobal.net [151.164.92.162]
  6    17 ms   209 ms   218 ms  ex2-p8-0.eqnwnj.sbcglobal.net [151.164.41.246]
  7    14 ms    13 ms    12 ms  70.245.63.206
  8    13 ms    13 ms    13 ms  asn3491.eqsjca.sbcglobal.net [151.164.249.38]
  9    14 ms    13 ms    13 ms  so-7-1-0-0.BB-RTR1.NWRK.verizon-gni.net [130.81.17.156]
 10    18 ms    18 ms    27 ms  so-7-3-0-0.BB-RTR1.PHIL.verizon-gni.net [130.81.19.56]
 11    22 ms    22 ms    21 ms  130.81.19.118
 12    41 ms    40 ms    40 ms  so-7-1-0-0.BB-RTR2.ATL01.verizon-gni.net [130.81.19.35]
 13    68 ms    68 ms    67 ms  so-7-3-0-0.BB-RTR2.DFW01.verizon-gni.net [130.81.19.20]
 14    68 ms    68 ms    68 ms  P11-0.LCR-02.DLLSTX.verizon-gni.net [130.81.29.179]
 15    68 ms    68 ms    68 ms  P12-0.LCR-04.DLLSTX.verizon-gni.net [130.81.27.205]
 16    70 ms    69 ms    69 ms  P1-0.VFTTP-09.DLLSTX.verizon-gni.net [130.81.48.123]
 17    70 ms    72 ms    70 ms  static-71-170-25-99.dllstx.fios.verizon.net [71.170.25.99]

Trace complete.

C:\Share\Backups\GRETCHEN\Data\DB\SQL2K5>ping 71.170.25.99

Pinging 71.170.25.99 with 32 bytes of data:

Reply from 71.170.25.99: bytes=32 time=74ms TTL=121
Reply from 71.170.25.99: bytes=32 time=71ms TTL=121
Reply from 71.170.25.99: bytes=32 time=70ms TTL=121
Reply from 71.170.25.99: bytes=32 time=70ms TTL=121

Ping statistics for 71.170.25.99:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 70ms, Maximum = 74ms, Average = 71ms

In times past I may have aimed a few servers on different T1 connections to call down the thunder on these folks, but everybody has a broadband connection these days.
