[FONT=Verdana]We`re running an asl v6.311 with IPS enabled. In the last 2-3 weeks the IPS is generating a lot of Alerts:
[/FONT]Details about the intrusion alert:
[FONT=Verdana]Message........: MS-SQL sa brute force failed login unicode attempt
Details........: http://www.snort.org/pub-bin/sigs.cgi?sid=3273
Time...........: 2007:11:08-11:15:01
Packet dropped.: no
Priority.......: 1 (high)
Classification.: Unsuccessful User Privilege Gain
IP protocol....: 6 (TCP)
[/FONT][FONT=Verdana] the strange thing is, that the source ip is one of our dmz-network:
Source IP address: 192.168.101.40
[/FONT][FONT=Verdana]Destination IP address: 194.158.***.***
There is no Packetfilter, that allows mssql from outside to inside or the other way.
[/FONT]I´ve told the mssql-server-admin to check his server, but have no response yet.
Can someone give me a hint, what to think about this?
This thread was automatically locked due to age.
