I'm that problem.. I've installed a sniffer and I found this attacks on my mssql. They try "sa" login and they use a lot of bandwidth. How can I stop this brute force attacks on my mssql box? It's a windows2003 machine and i've already blocked 1434 port.. tnx
If you are blocking the mssql port, then the packets should not be making it through. Can you tell if all the attempts are coming from the same IP? If they are, have your DC block or null route that IP.