Block IP Addresses

Block IP Addresses for Windows 2003 Server for SQL Server

After noticing several attempts to log in as 'admin' and 'sa' on my Windows 2003 Server with SQL Server, I was able to terminate access to the server from the offending IP addresses by using the Routing & Remote Access (RRAS) snap-in in Windows 2003.

Here's a brief run-down of what I did:

First you must shut down and disable Microsoft Windows Firewall.

  1. Go to Start >> Administrative Tools >> Services
  2. Scroll to the bottom to Windows Firewall/Internet Connection Sharing (ICS)
  3. Right click and go to >> Properties
  4. Under the General tab choose Startup Type: Disabled
  5. Click Stop
  6. Once the service is stopped click OK.

Then go to Start >> Run >> MMC and add the Routing and Remote Access snap-in.

Enable RRAS on the server on all adapters.

Since the attacks I was experiencing were from external addresses, I went to IP Routing >> General >> Public Network and selected Properties.

On the General tab, select Inbound Filters, set the filter action to receive all packets except those that meet the criteria below, then add the offending IP addresses one at a time.

In my case, the source address was the IP of the offending computer, the subnet mask was 255.255.255.255 and the protocol was any. Once I cleaned up the offenders, I saw a complete end to sa login failures in the application log.
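
One way to build the list of source addresses for the inbound filter from the failed-login messages in the application log, as an added example that is not part of the original post. It assumes the SQL Server 2005-or-later message text, which ends in `[CLIENT: address]`; the log lines, the threshold, the allowlist and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: SQL Server "Login failed" messages (event ID 18456) as
# exported from the application log. Addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Login failed for user 'sa'. [CLIENT: 203.0.113.45]
Login failed for user 'sa'. [CLIENT: 203.0.113.45]
Login failed for user 'admin'. [CLIENT: 203.0.113.45]
Login failed for user 'sa'. [CLIENT: 198.51.100.7]
Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.7]
Login failed for user 'SA'. [CLIENT: 198.51.100.7]
Login failed for user 'sa'. [CLIENT: 203.0.113.45]
Login failed for user 'sa'. [CLIENT: 192.0.2.10]
Login failed for user 'webapp'. [CLIENT: 192.0.2.20]
Login failed for user 'sa'. [CLIENT: <local machine>]
"""

WATCHED_LOGINS = {"sa", "admin"}  # the two accounts named in the post
FAILED = re.compile(r"Login failed for user '([^']*)'\..*?\[CLIENT: ([0-9.]+)\]")

def failed_logins_by_source(log_text, watched=WATCHED_LOGINS):
    """Count failed logins for the watched accounts per remote IPv4 address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m or m.group(1).lower() not in watched:
            continue  # other accounts, and local connections with no IP
        try:
            ip = str(ipaddress.IPv4Address(m.group(2)))
        except ValueError:
            continue  # malformed address text, never turn it into a filter
        counts[ip] += 1
    return counts

def filter_entries(counts, threshold=3, allowlist=()):
    """Return (source address, mask, protocol) rows for the inbound filter."""
    return [(ip, "255.255.255.255", "any")
            for ip, n in counts.most_common()
            if n >= threshold and ip not in allowlist]

if __name__ == "__main__":
    for row in filter_entries(failed_logins_by_source(SAMPLE_LOG)):
        print("source=%s mask=%s protocol=%s" % row)
```

The threshold and the allowlist keep a single mistyped password from an administrator's own workstation from ending up in the drop filter.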