Server unavailable after a while
General information
Forum: ASP.NET
Category: Web Services
Miscellaneous
Thread ID: 01115865
Message ID: 01292682
Views: 31
>>>Is 80K records for today in Application Event Viewer for MSSQLServer a clear indication of someone trying to hack the server and therefore bringing down the resources?
>>
>>Are those event records failed logins? I've seen that many times when people are working to guess the sa password. Your sa account will get locked out because of the failed attempts, by the way.
>>
>
>Yes, they are all failed logins.
>
>>First thing to do if possible is make sure TCP port 1433 is not allowed in through the corporate firewall. If your DMZ or otherwise external web server or outside client has to connect to the SQL server, make rules on the firewall or router to only allow 1433 in to the SQL server from specific IP addresses.
>
>Can you please elaborate on this? What exactly should I do?
>
>Thanks a lot in advance.

I see lots of similar records for the whole morning:

Event Type: Failure Audit
Event Source: MSSQLSERVER
Event Category: (4)
Event ID: 18456
Date: 2/14/2008
Time: 8:17:06 AM
User: N/A
Description:
Login failed for user 'sa'. [CLIENT: 72.158.7.242]

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Details
Product: SQL Server
ID: 18456
Source: MSSQLServer
Version: 9.0
Component: SQL Server Database Engine
Message: Login failed for user '%.*ls'.%.*ls
-----------------------------------------------------------------
Explanation
Error MSSQL_ENG018456 is raised whenever a login attempt fails. If the error message includes the account distributor_admin (Login failed for user 'distributor_admin'.), the issue is with an account used by replication. Replication creates a remote server, repl_distributor , which allows communication between the Distributor and Publisher. The login distributor_admin is associated with this remote server and must have a valid password.

Note:
In versions prior to Microsoft SQL Server 2000 Service Pack 3 (SP3), it was possible to specify that this connection was trusted and did not require a password. If you are upgrading from a previous version, you must now specify a password.


User Action
Ensure that you have specified a password for this account. For more information, see Securing the Distributor.



--------------------------------------------------------------------------------


Currently there are no Microsoft Knowledge Base articles available for this specific error or event message. For information about other support options you can use to find answers online, see http://support.microsoft.com/default.aspx.
If it's not broken, fix it until it is.
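As an added example (not part of the original post): one way to see which clients account for a flood of Event ID 18456 records is to tally them by the `[CLIENT: ...]` address. It assumes the Application log has been exported as text in the layout quoted above; the function names and the sample data are made up for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of the record quoted in the post.
# 72.158.7.242 and 8:17:06 AM come from the post; the other times, the
# 'webapp' login and 192.0.2.10 are made up for this example.
def _record(time, login, client):
    return (f"Event ID: 18456\nDate: 2/14/2008\nTime: {time}\nDescription:\n"
            f"Login failed for user '{login}'. [CLIENT: {client}]\n\n")

SAMPLE = "".join(_record(*r) for r in [
    ("8:17:06 AM", "sa", "72.158.7.242"),
    ("8:17:07 AM", "sa", "72.158.7.242"),
    ("8:17:09 AM", "sa", "72.158.7.242"),
    ("9:02:30 AM", "webapp", "192.0.2.10"),
])

FAILED = re.compile(r"Login failed for user '([^']*)'\..*?\[CLIENT:\s*([^\]\s]+)\]")

def parse_failed_logins(text):
    """Yield (timestamp, login, client) for each failed-login description line."""
    date = time = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Date:"):
            date = line[5:].strip()
        elif line.startswith("Time:"):
            time = line[5:].strip()
        else:
            m = FAILED.search(line)
            if m and date and time:
                stamp = datetime.strptime(f"{date} {time}", "%m/%d/%Y %I:%M:%S %p")
                yield stamp, m.group(1), m.group(2)

def noisy_clients(text, threshold=3):
    """Map each client with >= threshold failures to its count, logins and time span."""
    by_client = defaultdict(list)
    for stamp, login, client in parse_failed_logins(text):
        by_client[client].append((stamp, login))
    return {
        client: {"failures": len(hits), "logins": sorted({u for _, u in hits}),
                 "first": min(hits)[0], "last": max(hits)[0]}
        for client, hits in by_client.items() if len(hits) >= threshold
    }

if __name__ == "__main__":
    for client, info in noisy_clients(SAMPLE).items():
        print(client, info)
```

Any address it reports that is not one of your own web servers or clients is one the port 1433 firewall rule described in the quoted advice should be keeping out.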