RE: SQL & MSDE and Ports 1433 and 1434

From: Stefan Lister (SLister@ariba.com)
Date: 02/14/03

    From: Stefan Lister <SLister@ariba.com>
    To: "'Eric Zatko'" <EZatko@co.lucas.oh.us>, security-basics@securityfocus.com
    Date: Fri, 14 Feb 2003 08:09:34 -0800
    
    

    As I understand it, if you have an app on a system using MSDE, the system
    would be vulnerable to the SQL Slammer worm *if* the app was listening on
    port 1434.

    A gazillion apps install MSDE when they get installed on a system. A
    minority of those apps listen on 1434 - at least that's what it looks like
    where I work, and I've run nmap against most of my subnets looking for
    vulnerable machines.

    Patch your SQL 2000 systems immediately, run nmap (or whatever your favorite
    tool is) against your subnets and take a nap.

    -----Original Message-----
    From: Eric Zatko [mailto:EZatko@co.lucas.oh.us]
    Sent: Thursday, February 13, 2003 7:01 AM
    To: security-basics@securityfocus.com
    Subject: RE: SQL & MSDE and Ports 1433 and 1434

    Good day all...

    Great point H C. I suspected the same thing and have tried that... After
    doing a "netstat -a -n" on the server, I find that it shows the SQLserver
    listens on port 1433 (TCP, not UDP). It doesn't show anything listening for
    UDP on 1433 or 1434.

    I am confused.

    Thanks,
    Eric

    >>> H C <keydet89@yahoo.com> Thursday, February 13, 2003 8:39:02 AM >>>
    Since it seems that both MS SQL Server and MSDE are
    vulnerable to the Slammer exploit (if unpatched), one
    would think that the most obvious first approach would
    be to see if anything is actually listening on UDP
    1434. Given the issues that can arise w/ a remote
    nmap scan of a system, perhaps the most obvious
    approach would be to run netstat and/or fport on the
    system in question. This should tell you pretty
    definitively whether or not something is even
    listening on the port in question.

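The check H C describes and the output Eric puzzled over, as an added example that is not code from any of the posters: it parses Windows `netstat -a -n` output and reports whether anything is bound to TCP 1433 or UDP 1434. The netstat samples below are constructed, and the key detail is that netstat prints no State column for UDP, so a UDP 1434 listener never shows the word LISTENING.

```python
from typing import List, NamedTuple

# Constructed sample of Windows "netstat -a -n" output (not from the thread).
# Mirrors Eric's case: SQL Server on TCP 1433, nothing bound to UDP 1434.
NETSTAT_TCP_ONLY = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1433          10.0.0.77:3105         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Constructed sample where the SQL Server Resolution Service is also up on UDP 1434.
NETSTAT_WITH_UDP_1434 = NETSTAT_TCP_ONLY + "  UDP    0.0.0.0:1434           *:*\n"

SQL_PORTS = {("TCP", 1433), ("UDP", 1434)}


class Listener(NamedTuple):
    proto: str
    address: str
    port: int


def parse_listeners(netstat_output: str) -> List[Listener]:
    """Return local sockets able to accept traffic: TCP rows in LISTENING plus
    every UDP row (UDP rows have no State column, so scanning the output for
    'LISTENING' silently misses a UDP 1434 binding)."""
    listeners = []
    for line in netstat_output.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line or unknown protocol
        proto, local = parts[0], parts[1]
        state = parts[3] if len(parts) > 3 else ""
        if proto == "TCP" and state != "LISTENING":
            continue  # established/closing TCP sockets are not listeners
        addr, port = local.rsplit(":", 1)
        listeners.append(Listener(proto, addr, int(port)))
    return listeners


def sql_exposure(netstat_output: str) -> dict:
    """Map each SQL Server port of interest ("TCP/1433", "UDP/1434") to whether
    something on the host is bound to it."""
    bound = {(l.proto, l.port) for l in parse_listeners(netstat_output)}
    return {f"{p}/{n}": (p, n) in bound for p, n in sorted(SQL_PORTS)}


def slammer_exposed(netstat_output: str) -> bool:
    """Slammer targets UDP 1434 only; a host bound solely to TCP 1433 is not
    reachable by the worm (it still needs the patch)."""
    return sql_exposure(netstat_output)["UDP/1434"]


if __name__ == "__main__":
    for name, sample in (("TCP-only", NETSTAT_TCP_ONLY), ("UDP 1434", NETSTAT_WITH_UDP_1434)):
        print(name, sql_exposure(sample), "Slammer-reachable:", slammer_exposed(sample))
```

Run the saved output of `netstat -a -n` through `sql_exposure` on each MSDE host to get the per-port answer the thread was after.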


