Posted July 18, 2011
level: novice

First, I found IPSecPol.exe for Windows 2000; does it exist for 2008 also?

What I want to do, and there may be a better way to do it: My SQL Server sa account gets attacked constantly. I've renamed and disabled it, but the SQL error log fills up with failed attempts to log in to the missing sa account. I can monitor the logs and find the IP address, so if I had a command-line way to block an IP address I could do that while the attack was happening.

I know I could just not use SQL authentication, but this is not an option right now. Also, I could enforce password policies and lock out the user after so many failed attempts, but I don't know if this will work because the sa account does not exist... I renamed it. I'm not worried about the hacker getting in, I just don't want my SQL log files to grow 70MB every 3-4 hours.

So I know that IPSecPol.exe can do the same thing as the snap-in... so that's what I'm looking for.
July 18, 2011
Author

Resolved: I already had an IPSecPol in place to block IP addresses, so all I needed to do was scan the log file, say every minute, and call a batch file with this in it:

    netsh ipsec static add filter filterlist="Block_IPs" srcaddr="ip_here" dstaddr="any"

Inspired by this: http://blogs.msdn.com/b/sql_protocols/archive/2006/04/10/572605.aspx and the program written by CGDesign, which I did not use (don't know them) but I'll credit them with the solution.
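
One way to do the log scan the resolution describes, as an added PowerShell example that is not the poster's script or CGDesign's program: it counts failed `sa` logins per client address and adds repeat sources to the `Block_IPs` filter list with the same netsh command. The threshold, allow list, state file and sample log lines are assumptions constructed here.

```powershell
# Added example (not the poster's script). Dry run by default: prints the netsh
# commands; pass -Apply from an elevated prompt to run them.
param(
    [string]$LogPath,                         # SQL Server ERRORLOG; omit to use the sample below
    [int]$Threshold = 5,                      # hypothetical: failures before an IP is blocked
    [string[]]$AllowList = @('127.0.0.1'),    # hypothetical: addresses never to block
    [string]$StatePath = "$env:TEMP\blocked_ips.txt",  # hypothetical: IPs already added
    [switch]$Apply
)

# Constructed sample lines in the SQL Server error-log format (documentation IP ranges).
$msg = "Logon       Login failed for user 'sa'. Reason: Could not find a login matching the name provided."
$sample  = @(1..6 | ForEach-Object { "2011-07-18 10:15:0$_.00 $msg [CLIENT: 203.0.113.7]" })
$sample += "2011-07-18 10:16:00.00 $msg [CLIENT: 198.51.100.20]"
$sample += "2011-07-18 10:16:05.00 $msg [CLIENT: <local machine>]"

function Get-FailedLoginSource {
    param([string[]]$Lines, [string]$User = 'sa')
    $pattern = "Login failed for user '" + [regex]::Escape($User) + "'.*\[CLIENT: (?<ip>[^\]]+)\]"
    foreach ($line in $Lines) {
        if ($line -match $pattern) {
            $parsed = $null
            # Emit only values that parse as IPv4, so no other log text reaches netsh.
            if ([System.Net.IPAddress]::TryParse($Matches['ip'].Trim(), [ref]$parsed) -and
                $parsed.AddressFamily -eq 'InterNetwork') { $parsed.ToString() }
        }
    }
}

$lines   = if ($LogPath) { Get-Content -Path $LogPath } else { $sample }
$already = @(if (Test-Path $StatePath) { Get-Content -Path $StatePath })

# Block only sources at or over the threshold that are not allow-listed or already added.
$offenders = @(Get-FailedLoginSource -Lines $lines | Group-Object |
    Where-Object { $_.Count -ge $Threshold } | ForEach-Object { $_.Name } |
    Where-Object { ($AllowList -notcontains $_) -and ($already -notcontains $_) })

foreach ($ip in $offenders) {
    # Same filter list and parameters as the command in the post.
    $netshArgs = @('ipsec', 'static', 'add', 'filter', 'filterlist=Block_IPs', "srcaddr=$ip", 'dstaddr=any')
    if ($Apply) {
        & netsh $netshArgs
        Add-Content -Path $StatePath -Value $ip   # remember it so the next scan skips it
    } else {
        "netsh $($netshArgs -join ' ')"
    }
}
```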