4

I saw in the logs of my server that an IP was repeatedly trying to logon as sa onto my SQL Server. The ip is: 75.145.243.233 it resolves back to 5-145-243-233-richmond-va.hfc.comcastbusiness.net.

Is there anyway to find out from Comcast who owns this box?

1 Answers1

8

You'll want to report the problem to Comcast and your ISP. They won't tell you who it is, but they may either contact the user or disconnect them.

Odds are they won't to anything. You shouldn't leave your SQL Server on the public Internet. I recently blogged about this exact thing.

mrdenny
  • 27,174
  • 4
  • 41
  • 69
  • Most attacks are launched from already hacked servers. So I think it's unlikely that the person responsible for this is at that IP. This is why ISPs will do nothing. But I say report the problem and hope that Comcast will notify their customer of the issue so that they can sort it out on their end. Beyond that block that IP address from accessing your SQL Server and come up with a good reason to have your SQL Server on the web and available to everyone. If you can't come up with a good reason then fix your attack surface area by protecting your server better. – 3dinfluence Oct 09 '09 at 19:21