论坛: 黑客进阶 标题: 大哥帮忙看一下,我的SQLSERVER是不是被人攻击了 复制本贴地址    
作者: tonny_zhou [tonny_zhou]    论坛用户   登录
我用netstat -an 看到好多监听信息,如下:

大家帮我看一下,我需要怎样做才能防止这样链接出现


TCP 61.**.**.**:1433 61.95.163.106:3653 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:3660 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:3675 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:3687 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:3690 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:3695 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:3697 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:3701 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:3718 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:3721 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:3751 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:3752 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:3809 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:3826 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:3832 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:3844 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:3871 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:3884 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:3907 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:3914 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:3939 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:3942 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:3973 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:3975 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:3979 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:3980 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:3985 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:4833 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:4841 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:4863 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:4869 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:4876 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:4899 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:4912 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:4916 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:4924 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:4929 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:4957 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:4969 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:4976 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:4985 TIME_WAIT
TCP 61.**.**.**:1433 61.95.163.106:4996 TIME_WAIT
TCP 61.**.**.**:1433 61.95.221.245:3006 TIME_WAIT
TCP 61.**.**.**:1433 61.95.221.245:3033 TIME_WAIT
TCP 61.**.**.**:1433 61.95.221.245:3056 TIME_WAIT
TCP 61.**.**.**:1433 61.95.221.245:3062 TIME_WAIT
TCP 61.**.**.**:1433 61.95.221.245:3090 TIME_WAIT
TCP 61.**.**.**:1433 61.95.221.245:3094 TIME_WAIT
TCP 61.**.**.**:1433 61.95.221.245:3098 TIME_WAIT
TCP 61.**.**.**:1433 61.95.221.245:3101 TIME_WAIT
TCP 61.**.**.**:1433 61.95.221.245:3153 TIME_WAIT
TCP 61.**.**.**:1433 61.95.221.245:3161 TIME_WAIT
TCP 61.**.**.**:1433 61.95.221.245:4831 TIME_WAIT
UDP 0.0.0.0:162 *:*
UDP 0.0.0.0:514 *:*
UDP 0.0.0.0:1434 *:*
UDP 0.0.0.0:1468 *:*
UDP 0.0.0.0:1491 *:*
UDP 0.0.0.0:1492 *:*
UDP 0.0.0.0:1493 *:*
UDP 0.0.0.0:1494 *:*
UDP 0.0.0.0:1566 *:*
UDP 0.0.0.0:1593 *:*
UDP 0.0.0.0:1597 *:*
UDP 0.0.0.0:2069 *:*
UDP 0.0.0.0:8087 *:*
UDP 61.**.**.**:137 *:*
UDP 61.**.**.**:138 *:*
UDP 61.**.**.**:500 *:*

:\Documents and Settings\Administrator>
:\Documents and Settings\Administrator>


地主 发表时间: 06-08-04 16:36

回复: raojianhua [raojianhua]   论坛用户   登录
应该是有人在暴力破解你的MSSQL的密码,但这不一定就能成功 ,但,如果你的密码设置得很简单的话,应该注意啦

B1层 发表时间: 06-08-05 13:44

回复: 在20CN沦落 [poemail]   论坛用户   登录
不要紧,死不了…………

B2层 发表时间: 06-09-26 15:57

回复: BBL [bbl]   论坛用户   登录
最多让他进入巩固后来个重装系统气死他。。。

B3层 发表时间: 06-10-20 10:43

回复: TomyChen [quest]   版主   登录
ipsec或者其他防火墙都可以,其实我觉得用ipsec完全够用

如果MSSQL只在本机使用,就是没有其他的程序等在本机(安装MSSQL的机器)以外的机器需要访问的情况下,把策略设成只允许本机访问(拒绝所有外部连接)即可。

如果有那么可以指定一下信任域,如果是动态IP,那就。。。慢慢忍受吧>_<

B4层 发表时间: 06-10-23 06:16

论坛: 黑客进阶

20CN网络安全小组版权所有
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
论坛程序编写:NetDemon

粤ICP备05087286号