[转载]用于截获MSSQL1433端口远程攻击者IP的一段触发器用的代码
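-- Original post author: deneb
--
-- Trigger T: whenever rows are inserted into dbo.ARR, take a `netstat -na`
-- snapshot and store in AIP the netstat lines for remote peers that are
-- connected to this server's TCP port 1433 (ESTABLISHED or TIME_WAIT),
-- tagged with the highest RowNumber of the rows just inserted.
-- NOTE(review): presumably ARR is a log/trace table that receives one row per
-- suspicious event (e.g. a failed login); confirm against whatever fills it.
--
-- Before use: set @srv below to the server's own IP address (the placeholder
-- text means "change this to your server's IP").
--
-- Things a defender should know before deploying this:
--   * xp_cmdshell is disabled by default on SQL Server 2005 and later.
--     Turning it on lets T-SQL run OS commands, so it widens the attack
--     surface of the very instance being monitored. Only the fixed string
--     'netstat -na' is executed here; never build that command from data.
--   * The trigger runs in the security context of whoever performs the
--     INSERT; that principal must be allowed to execute xp_cmdshell
--     (sysadmin, or a configured xp_cmdshell proxy account).
--   * netstat is a point-in-time snapshot. Every peer connected to port 1433
--     at that instant is recorded, legitimate clients included, and a peer
--     whose connection is already gone is missed. Treat AIP rows as
--     candidates to correlate with other logs, not as proof.
--   * Where available, sys.dm_exec_connections (client_net_address) or the
--     client address in login-audit records gives the peer address without
--     shelling out to the OS.
CREATE TRIGGER [T] ON [dbo].[ARR]
AFTER INSERT
AS
SET NOCOUNT ON  -- keep the trigger's row counts from reaching the inserting client

-- A statement that inserted zero rows still fires the trigger; skip the OS call.
IF NOT EXISTS (SELECT * FROM inserted)
    RETURN

DECLARE @mid bigint
DECLARE @srv varchar(64)
DECLARE @prefix varchar(100)

SET @srv = '{这里改为你服务器的IP}'

-- Text that precedes the remote endpoint in a matching netstat line.
-- NOTE(review): netstat pads its columns with runs of spaces; the single
-- spaces here are as published and may have been collapsed when the page was
-- rendered. Verify against real `netstat -na` output on the target host.
SET @prefix = ' TCP ' + @srv + ':1433'

-- Use the rows that fired this trigger rather than the table-wide maximum,
-- which under concurrent inserts can belong to another session's row.
SELECT @mid = MAX(RowNumber) FROM inserted

CREATE TABLE #tmp (aa varchar(200))

INSERT #tmp
EXEC master..xp_cmdshell 'netstat -na'

-- Keep connections to local port 1433 and drop those whose remote side is the
-- server itself. The exclusion patterns are written on one line: the published
-- text had a line break inside those string literals, which no single netstat
-- output line can match, so the self-connection filter never took effect.
INSERT INTO AIP (RowNumber, ARRIP)
SELECT
    @mid,
    REPLACE(aa, @prefix + ' ', '') AS ARRIP
FROM #tmp
WHERE (
        aa LIKE @prefix + '%:%ESTABLISHED'
        AND aa NOT LIKE @prefix + '%' + @srv + ':%ESTABLISHED'
      )
   OR (
        aa LIKE @prefix + '%:%TIME_WAIT'
        AND aa NOT LIKE @prefix + '%' + @srv + ':%TIME_WAIT'
      )
GROUP BY aa  -- collapse duplicate netstat lines

DROP TABLE #tmp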