SQL attack - port 1433 - HELP!!

sherbert (Distinguished, joined Aug 25, 2004)
BEING ATTACKED -- HELP!!!
I presently have a 506e PIX that has port 1433 (SQL) open and is being hit from an outside source. I want to close it off but still use it between this PIX and another 506e PIX. Can you please let me know what entries I need on my PIX to keep port 1433 open between the two PIXes but block everyone else? Here's my info from the PIX:

(PIX A)
ip address outside 66.243.86.213 255.255.255.240
ip address inside 10.0.0.1 255.0.0.0
access-group 101 in interface outside
route outside 0.0.0.0 0.0.0.0 66.243.86.209 1


(PIX B)
access-list 101 permit tcp any host 66.243.84.172 eq smtp
access-list 101 permit tcp any host 66.243.84.173 eq 1433
static (inside,outside) 66.243.84.165 SQL2 netmask 255.255.255.255 0 0
access-group 101 in interface outside
access-group acl_inside in interface inside
route outside 0.0.0.0 0.0.0.0 66.243.84.163 1

THANKS!
 

Zakkas (Distinguished, joined Apr 10, 2006)
Instead of allowing anyone to reach your SQL server, limit it to a certain IP address.

You've got:
access-list 101 permit tcp any host 66.243.84.172 eq smtp
access-list 101 permit tcp any host 66.243.84.173 eq 1433
Which means anyone can connect on 1433 to your SQL server.

Change the 101 access-list to:
access-list 101 permit tcp (ip address of remote host or network) host 66.243.84.172 eq smtp
access-list 101 permit tcp (ip address of remote host or network) host 66.243.84.173 eq 1433


For example, say PIX A was trying to connect to the SQL server and PIX A's IP address is the only connection you wanted to allow; simply input:

access-list 101 permit tcp host <PIX A's IP address> host 66.243.84.172 eq smtp
access-list 101 permit tcp host <PIX A's IP address> host 66.243.84.173 eq 1433
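The advice above boils down to "never permit a sensitive port from any". Here is an added example (not code from either poster) that audits PIX 6.x-style access-list lines for exactly that pattern and prints the commands to close the hole and re-add the entry restricted to one peer. The sample ACL is the PIX B list from the question; the peer address 66.243.86.213 (PIX A's outside interface) is an assumption, because PIX A's nat/global lines are not shown and the real source address is whatever PIX A translates its inside hosts to. The removal syntax ("no access-list" with the full entry) is also assumed; check it against your PIX release before pasting.

```python
# Added example: audit PIX 6.x-style access-list lines for "permit ... any"
# entries that expose a sensitive port (TCP 1433 here) and emit a tightened
# replacement restricted to one peer address.
import re
from dataclasses import dataclass
from typing import List, Optional

# Service names the PIX accepts instead of a port number (only the common ones).
PORT_NAMES = {"smtp": 25, "www": 80, "https": 443, "sqlnet": 1521}

# Ports that should never be reachable from "any" on an Internet-facing ACL.
SENSITIVE_PORTS = {1433: "MS SQL Server", 3389: "RDP", 445: "SMB", 23: "telnet"}

# access-list <name> permit|deny <proto> <src> <dst> [eq <port>]
# <src>/<dst> := any | host A.B.C.D | A.B.C.D M.M.M.M
ACL_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+(?P<action>permit|deny)\s+(?P<proto>\S+)\s+"
    r"(?P<src>any|host\s+\S+|\S+\s+\S+)\s+"
    r"(?P<dst>any|host\s+\S+|\S+\s+\S+)"
    r"(?:\s+eq\s+(?P<port>\S+))?\s*$"
)


@dataclass
class AclEntry:
    name: str
    action: str
    proto: str
    src: str             # "any", "host A.B.C.D" or "A.B.C.D M.M.M.M"
    dst: str
    port: Optional[int]  # None when the entry has no "eq" clause
    raw: str             # the original line, stripped


def parse_port(token: Optional[str]) -> Optional[int]:
    """Turn the 'eq' operand into a port number; accepts digits or a known name."""
    if token is None:
        return None
    if token.isdigit():
        return int(token)
    port = PORT_NAMES.get(token.lower())
    if port is None:
        raise ValueError(f"unknown service name: {token}")
    return port


def parse_acl(line: str) -> Optional[AclEntry]:
    """Parse one access-list line; non-ACL lines (static, route, ...) give None."""
    m = ACL_RE.match(line.strip())
    if not m:
        return None
    return AclEntry(m["name"], m["action"], m["proto"].lower(),
                    " ".join(m["src"].split()), " ".join(m["dst"].split()),
                    parse_port(m["port"]), line.strip())


def find_exposed(config: str, sensitive=SENSITIVE_PORTS) -> List[AclEntry]:
    """Permit entries whose source is 'any' and whose port is in the sensitive set."""
    exposed = []
    for line in config.splitlines():
        e = parse_acl(line)
        if e and e.action == "permit" and e.src == "any" and e.port in sensitive:
            exposed.append(e)
    return exposed


def tighten(entry: AclEntry, peer_ip: str) -> str:
    """Rewrite an any-source permit so only peer_ip may reach the same dst/port."""
    port = f" eq {entry.port}" if entry.port is not None else ""
    return f"access-list {entry.name} {entry.action} {entry.proto} host {peer_ip} {entry.dst}{port}"


# Constructed sample: the outside ACL of PIX B as posted in the question.
PIX_B_ACL = """\
access-list 101 permit tcp any host 66.243.84.172 eq smtp
access-list 101 permit tcp any host 66.243.84.173 eq 1433
"""
# Assumption: PIX A translates its inside hosts to its outside interface address.
PIX_A_OUTSIDE = "66.243.86.213"


def remediation(config: str = PIX_B_ACL, peer_ip: str = PIX_A_OUTSIDE) -> List[str]:
    """Commands that remove each exposed entry and re-add it restricted to peer_ip.
    Assumed syntax: 'no access-list <full entry>' removes a single entry."""
    cmds = []
    for e in find_exposed(config):
        cmds.append("no " + e.raw)
        cmds.append(tighten(e, peer_ip))
    return cmds


if __name__ == "__main__":
    for cmd in remediation():
        print(cmd)
```

The SMTP entry is left alone on purpose: a mail relay usually has to accept connections from any, so only ports in SENSITIVE_PORTS are flagged. Note that a new access-list line is appended at the end of list 101; that is harmless here because the list holds only permits, but if the list carried deny entries the order would matter and the tightened line would have to go in before them.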