Re: Connection hijacking in SQL Server 2000

From: BP Margolin (bpmargo@attglobal.net)
Date: 06/28/02


From: "BP Margolin" <bpmargo@attglobal.net>
Date: Fri, 28 Jun 2002 11:53:24 -0400

Bernd,

> The TDS Protocol is open

It's my understanding that Tabular Data Stream (TDS) is not "open". To the
best of my knowledge, Microsoft has never published the details on TDS, and
considers it proprietary.

Can you provide a reference to the contrary?

-------------------------------------------
BP Margolin
Please reply only to the newsgroups.
When posting, inclusion of SQL (CREATE TABLE ..., INSERT ..., etc.) which
can be cut and pasted into Query Analyzer is appreciated.

"Bernd Eckenfels" <ecki-news2002-06@lina.inka.de> wrote in message
news:afgg0h$gk1$1@sapa.inka.de...
> In comp.security.misc Wes Gamble <w.gamble@pentasafe.com> wrote:
> > I would assume that an exploiter would have to know the
> > protocol used by SQL Server so that they could construct reasonable
> > looking packets to send to SQL Server.
>
> The TDS Protocol is open so this is not an issue. Hijacking those
> connections would involve either spoofing on TCP connections, which
> requires physical access to the network and is hard to achieve if
> encryption is turned on, or you modify the connection pool. I am not sure
> how much work that is, but I simply *assume* you have to be local admin on
> the machine.
>
> The simplest protection is not to allow untrusted access to your network
> or clients.
>
> Greetings
> Bernd