Hello- I have a question about figuring out where a failed logon is coming from and locking out
the source IP.
Normally, this is pretty easy; SQL logs, sys.dm_exec_connections or at the Logon event, EVENTDATA().value('(/EVENT_INSTANCE/ClientHost) has all you need know.
And thus, finding and locking out certain client IPs can be done via a logon trigger -or in current versions of SQL you can use windows lockout policies to lockout the connection at a user level.
But, we have a SQL server behind a hardware firewall. If we get a failed logon, the SQL logs show the IP for the client to be the IP of the local gateway. I believe
that there is no way for SQL to know the actual client IP address because of the firewall NATing. But, on a successful logon, sys.dm_exec_connections contains the cl
View Complete Post