I've created an Azure container instance with an MSSQL container image. It starts. However, before even logging in, or even putting the URL into use, I checked the container logs and it's being hit with traffic. As this is an MSSQL DB server, it receives login attempts. Below is a sample from the log.
2020-09-25 10:59:39.66 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.240.255.55]
2020-09-25 10:59:39.69 Logon Error: 18456, Severity: 14, State: 8.
2020-09-25 10:59:39.69 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.240.255.56]
2020-09-25 10:59:39.70 Logon Error: 18456, Severity: 14, State: 8.
2020-09-25 10:59:39.70 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.240.255.56]
2020-09-25 10:59:39.72 Logon Error: 18456, Severity: 14, State: 8.
2020-09-25 10:59:39.72 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.240.255.56]
2020-09-25 10:59:39.74 Logon Error: 18456, Severity: 14, State: 8.
2020-09-25 10:59:39.74 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.240.255.56]
2020-09-25 10:59:39.76 Logon Error: 18456, Severity: 14, State: 8.
2020-09-25 10:59:39.76 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.240.255.56]
2020-09-25 10:59:39.79 Logon Error: 18456, Severity: 14, State: 8.
2020-09-25 10:59:39.79 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.240.255.55]
2020-09-25 10:59:39.83 Logon Error: 18456, Severity: 14, State: 8.
2020-09-25 10:59:39.83 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.240.255.56]
2020-09-25 10:59:39.85 Logon Error: 18456, Severity: 14, State: 8.
2020-09-25 10:59:39.85 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.240.255.55]
2020-09-25 10:59:39.87 Logon Error: 18456, Severity: 14, State: 8.
Also, I've created the DNS name with random text and a number. However, I'm still getting the requests. As per the above log, the username always comes as 'sa'; however, I saw there are some other guesses also.
How do malicious users/bots find newly created instances? Does everything go to a registry? Is there any way to avoid these unwanted requests?
0 Answers
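An added example, not part of the original question: a small Python parser for the log format shown in the excerpt that tallies failed logins per client and user, and flags client addresses that fall in private ranges. The sample lines are constructed from the excerpt, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format of the log excerpt in the question.
SAMPLE_LOG = """\
2020-09-25 10:59:39.66 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.240.255.55]
2020-09-25 10:59:39.69 Logon Error: 18456, Severity: 14, State: 8.
2020-09-25 10:59:39.69 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.240.255.56]
2020-09-25 10:59:39.70 Logon Error: 18456, Severity: 14, State: 8.
2020-09-25 10:59:39.70 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.240.255.56]
2020-09-25 10:59:39.72 Logon Error: 18456, Severity: 14, State: 8.
"""

# Matches only the "Login failed" lines; the paired "Error: 18456" lines are skipped.
FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\.\s+Reason: (?P<reason>.*?)\s+"
    r"\[CLIENT: (?P<client>[^\]]+)\]"
)

def parse_failed_logins(text):
    """Return one dict (ts, user, reason, client) per 'Login failed' line."""
    return [m.groupdict() for m in map(FAILED.match, text.splitlines()) if m]

def summarize(events):
    """Count failures per (client, user), most frequent first."""
    counts = Counter((e["client"], e["user"]) for e in events)
    report = []
    for (client, user), n in counts.most_common():
        try:
            # A private (RFC 1918) client address is not the sender's public IP,
            # so a per-IP block on it would not single out the sender.
            private = ipaddress.ip_address(client).is_private
        except ValueError:  # CLIENT field is not an IP address
            private = None
        report.append({"client": client, "user": user,
                       "failures": n, "private": private})
    return report

if __name__ == "__main__":
    for row in summarize(parse_failed_logins(SAMPLE_LOG)):
        print(row)
```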