Connection hijacking in SQL Server 2000

From: Wes Gamble (w.gamble@pentasafe.com)
Date: 06/27/02

Next message: sjk: "Re: Sec. Vulnerability in OpenSSH on HP-UX"
Previous message: Security Alert: "Sec. Vulnerability in OpenSSH on HP-UX"
Next in thread: Bernd Eckenfels: "Re: Connection hijacking in SQL Server 2000"
Reply: Bernd Eckenfels: "Re: Connection hijacking in SQL Server 2000"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: w.gamble@pentasafe.com (Wes Gamble)
Date: 27 Jun 2002 13:57:20 -0700

All,

Thanks in advance for any help on this.

I am curious to find out if anyone has any good information on
connection hijacking exploits within SQL Server. Assume an
application which uses a connection pooling mechanism to allow for
database access, wherein several connections are opened and then left
open for the use of other clients. The purpose of this is to reduce
the overhead involved in opening/closing many connections.

The connections in the connection pool are authenticated once upon
opening. They are not closed until the application process ends. How
easy is it for someone to "hijack" one of these connections in the
pool. I would assume that an exploiter would have to know the
protocol used by SQL Server so that they could construct reasonable
looking packets to send to SQL Server.

Does anyone have a feel for how easy it is to perform such a
connection hijacking exploit, and what defenses may be mounted against
it? Does a reasonable defense require encryption on every
transmission between the SQL Server client and the SQL Server? Does
it require re-authentication every time? Is there a way to keep the
physical connection open, but re-authenticate with SQL Server?

Hope this makes sense.

Thanks,
Wes Gamble
w.gamble@pentasafe.com

Next message: sjk: "Re: Sec. Vulnerability in OpenSSH on HP-UX"
Previous message: Security Alert: "Sec. Vulnerability in OpenSSH on HP-UX"
Next in thread: Bernd Eckenfels: "Re: Connection hijacking in SQL Server 2000"
Reply: Bernd Eckenfels: "Re: Connection hijacking in SQL Server 2000"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Error "SQL Server does not allow remote connections"
... The application could not connect to the sql server db. ... network is blocking the connection. ... SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, Int64 ... integratedSecurity, SqlConnection owningObject) +737554 ...
(microsoft.public.dotnet.framework.aspnet)
Re: Connection from remote computer to network SQL Server
... There is no firewall on the W2K machine acting as the SQL server. ... I tried making the SQL machine a "trusted" on the router. ... connection works. ... To find the IP address of your computer inside the network, ...
(microsoft.public.access.adp.sqlserver)
ADO.net Orcas Samples Install Problem
... An error has occurred while establishing a connection to the server. ... When connecting to SQL Server 2005, this failure may be caused by the ... SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, ... or am I better off with a full SQL Server install. ...
(microsoft.public.dotnet.framework.adonet)
Re: OpenDataSource SQL Server xpress problem
... I tried your suggestions with some success. ... I tried setting up the .odc file through the Word Mail Merge wizard as ... If I work through the dialog to connect and then click the 'Test Connection' ... but I suspect it's because until recently most SQL Server ...
(microsoft.public.word.mailmerge.fields)
Re: Exception trying to import data from Excel .
... An attempt to install Microsoft SQL Server 2005 this week has not gone ... The connection type "EXCEL" specified for connection manager ... to create a connection manager for an unknown connection type. ...
(microsoft.public.sqlserver.tools)