sql-server - AWS RDS (SQL Server) 可疑的暴力登录尝试

问题描述

我创建了一个公共 RDS (SQL Server) 实例。对于我的项目要求，它必须是公开的。当我检查日志时，它显示了来自某些 IP 的数千条登录尝试失败条目，如下所示（我尝试在不同的区域创建多个实例，但仍然存在相同的问题）。任何形式的帮助将不胜感激。谢谢。

错误日志：

2020-02-03 09:45:28.98 Logon       Login failed for user 'sa'. Reason: Could not find a login matching the name provided. [CLIENT: 61.12.74.190]
2020-02-03 09:45:29.31 Logon       Error: 18456, Severity: 14, State: 5.
2020-02-03 09:45:29.31 Logon       Login failed for user 'sa'. Reason: Could not find a login matching the name provided. [CLIENT: 61.12.74.190]
2020-02-03 09:45:29.42 Logon       Error: 18456, Severity: 14, State: 5.
2020-02-03 09:45:29.42 Logon       Login failed for user 'mssqla'. Reason: Could not find a login matching the name provided. [CLIENT: 112.53.236.114]
2020-02-03 09:45:29.48 Logon       Error: 18456, Severity: 14, State: 5.
2020-02-03 09:45:29.48 Logon       Login failed for user 'sa'. Reason: Could not find a login matching the name provided. [CLIENT: 61.12.74.190]
2020-02-03 09:45:29.73 Logon       Error: 18456, Severity: 14, State: 5.
2020-02-03 09:45:29.73 Logon       Login failed for user 'sa'. Reason: Could not find a login matching the name provided. [CLIENT: 61.12.74.190]
2020-02-03 09:45:30.08 Logon       Error: 18456, Severity: 14, State: 5.
2020-02-03 09:45:30.08 Logon       Login failed for user 'sa'. Reason: Could not find a login matching the name provided. [CLIENT: 61.12.74.190]

作为临时修复，我已将来自 VPC -> 网络 ACL 的所有 ip 列入黑名单，对于几个 IP，此解决​​方案还可以，但对于数百个 IP，此解决​​方案非常痛苦，因此我期待一种更有效的方法来解决此问题问题。

笔记：

我检查了 AWS 论坛，发现了一个非常古老且类似的问题，但没有回答https://forums.aws.amazon.com/thread.jspa?messageID=196538ﾺ

另外，在stackoverflow上发现了一个类似的问题这是蛮力尝试吗？（AWS SQL Server）也没有任何指定的解决方案。

标签： sql-serveramazon-web-servicessecurityamazon-rds