[转载]用于截获MSSQL1433端口远程攻击者IP的一段触发器用的代码

文章作者：deneb

CREATE TRIGGER [T] ON [dbo].[ARR]
after INSERT
AS
declare @mid bigint,@sql varchar(100)
declare @str varchar(100)
set @str='netstat -na'
select top 1 @mid = RowNumber from ARR  ORDER BY RowNumber DESC
create table #tmp(aa varchar(200))
insert #tmp exec master..xp_cmdshell @str
insert into AIP (RowNumber,ARRIP)
select  @mid , replace(aa,'  TCP   {这里改为你服务器的IP}:1433    ','') as AIP
  from #tmp where (aa like '  TCP   {这里改为你服务器的IP}:1433%:%ESTABLISHED'
   and not aa like '  TCP   
{这里改为你服务器的IP}:1433%{这里改为你服务器的IP}:%ESTABLISHED')
   or(aa like '  TCP   {这里改为你服务器的IP}:1433%:%TIME_WAIT'
   
    and not aa like '  TCP   
{这里改为你服务器的IP}:1433%{这里改为你服务器的IP}:%TIME_WAIT' )
  GROUP BY aa
drop table #tmp