Re: Microsoft SQL Server Stored procedures [sp_MSSetServerProperties and sp_MSsetalertinfo] (#NISR03092002A)

From: Karsten Højgaard (KHojgaard@DK.SNT.COM)
Date: 09/04/02

Date:         Wed, 4 Sep 2002 16:15:45 +0200
From: Karsten Højgaard <KHojgaard@DK.SNT.COM>

NGSSoftware Insight Security Research said:

> [..] It does not allow an
> attacker to compromise the server or data but may be used in conjunction
> with another attack. For example an attacker may not want SQL Server to
> restart on server reboot if they set a shell listening on TCP port 1433.

There are easier ways to access the port than actually halting the process.

An application can normally listen to either a specific interface, or all
interfaces (the normal approach). A little-known fact is that a process that
binds to a specific IP silently overrides processes listening on all IPs and
the same port(s).

This can be tested by getting netcat for Windows at, and instructing it
to listen on your public IP, e.g. on port 80, while you run IIS or PWS.

Note that IIS is still running, and not returning errors, while actual
connects to the machine's public IP are in fact handled by netcat.

> [..]

Karsten Højgaard
System engineer
SNT Denmark
