SQL Server Ports and Attacks

For those of you who host SQL Server, how do you handle the default ports?

It is a common practice to block the default port SQL Server listens on for security reasons (many worms and attacks / password dictionary attacks). The problem with this is that your customers have to do additional configuration, which is something I really, really don't want to do.

However... I have these attackers who make hundreds of connections to my server, trying to guess my sa password. I doubt they'll ever guess it correctly, but they are constantly using up precious processing cycles, memory and bandwidth.

Once I see one of these guys using netstat, I go into ip security policies and ban the offending IP addresses. This takes care of the offender of the day, however another attacker quickly takes his place.

I would like to configure my server so that if anyone tries to create over 50 connections, their IP address gets banned, or something like that. How could I do this?
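One way to automate the netstat check described in the post, as an added example that is not part of the original post: it counts connections per remote IP to the SQL Server port in `netstat -an` output and lists the addresses over the 50-connection limit. Port 1433 (the SQL Server default), the allowlist, the `netsh advfirewall` rule name and the sample addresses are assumptions made for the example.

```python
import ipaddress
from collections import Counter

SQL_PORT = 1433   # assumption: default instance on SQL Server's default TCP port
THRESHOLD = 50    # the "over 50 connections" limit from the post

def count_sql_connections(netstat_text, port=SQL_PORT):
    """Count non-listening TCP connections per remote IP to local `port`."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()  # Proto, Local Address, Foreign Address, State
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        local, remote, state = fields[1], fields[2], fields[3].upper()
        if state == "LISTENING" or local.rpartition(":")[2] != str(port):
            continue
        try:
            ip = ipaddress.ip_address(remote.rpartition(":")[0].strip("[]"))
        except ValueError:
            continue  # malformed address: skip rather than guess
        counts[str(ip)] += 1
    return counts

def offenders(counts, threshold=THRESHOLD, allowlist=()):
    """IPs strictly over the threshold, minus hosts that must never be banned."""
    return sorted(ip for ip, n in counts.items()
                  if n > threshold and ip not in allowlist)

def block_commands(ips):
    """Windows Firewall commands to review and run; nothing is executed here."""
    return [f'netsh advfirewall firewall add rule name="sql-ban-{ip}" '
            f'dir=in action=block remoteip={ip}' for ip in ips]

def sample_netstat():
    """Constructed `netstat -an` output using documentation-range addresses."""
    rows = ["  Proto  Local Address          Foreign Address        State",
            "  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING"]
    def conns(ip, n, lport):
        return [f"  TCP    192.0.2.1:{lport}    {ip}:{40000 + i}    ESTABLISHED"
                for i in range(n)]
    rows += conns("203.0.113.5", 60, 1433)   # guessing host, over the limit
    rows += conns("198.51.100.9", 50, 1433)  # exactly 50: not "over 50"
    rows += conns("198.51.100.20", 75, 1433) # customer app server, allowlisted
    rows += conns("203.0.113.77", 90, 80)    # busy, but not on the SQL port
    return "\n".join(rows)

if __name__ == "__main__":
    counts = count_sql_connections(sample_netstat())
    for cmd in block_commands(offenders(counts, allowlist={"198.51.100.20"})):
        print(cmd)
```

A netstat snapshot only sees connections open at that moment, so the count is of concurrent connections and the script has to be run on a schedule to catch new sources.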
