如果获得不同的IP地址，则说明防火墙配置不正确。  

当您将服务器打开到Internet以尝试登录失败时，这种情况非常常见。 有大量恶意软件和病毒试图登录到端口1433. 至少为了保护自己，你应该将端口号
更改为1433以外的其他东西，并使用端口转发来获得1433用于你真正想要工作的IP。

Hi All,

Hopefully someone can help solve this issue. We have an outside service that is assisting our company. They need access to our SQL server so we had to open 1433 to them. 

In our router we limited the source to only be their IP address. Which was working for years. Just recently however there have been a run of EventID 18456 errors(Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: <different IPs>]).  And the client is different each time, they come in at a rate of 1 a second for about one hour at a time then a few hours break then again. usually no more than 3 attacks per 24 hour period. 

I'm kind of stumped in how this is happening as the only IP Address that should be able to get in the firewall from the router is the one from the outside company. Clearly others are getting through though. 

Any thoughts or help would be appreciated. 

If you are getting different IP addresses, then you firewall is not configured correctly.  

It is very common when you open your server up to the Internet to get failed attempted logins.  There are tons of malware and viruses which attempt to login to port 1433.  At the very least to protect yourself, you should change the port number to something other than 1433 outside and use port forwarding to get to 1433 for the IPs you actually want to work.