Connection hijacking in SQL Server 2000

From: Wes Gamble (w.gamble@pentasafe.com)
Date: 06/28/02


    From: Wes Gamble <w.gamble@pentasafe.com>
    Date: Fri, 28 Jun 2002 15:16:19 -0500
    
    

    All,

    Thanks in advance for any help on this.

    I am curious to find out if anyone has any good information on
    connection hijacking exploits within SQL Server. Assume an
    application which uses a connection pooling mechanism to allow for
    database access, wherein several connections are opened and then left
    open for the use of other clients. The purpose of this is to reduce
    the overhead involved in opening/closing many connections.

    The connections in the connection pool are authenticated once upon
    opening. They are not closed until the application process ends. How
    easy is it for someone to "hijack" one of these connections in the
    pool? I would assume that an exploiter would have to know the
    protocol used by SQL Server so that they could construct reasonable
    looking packets to send to SQL Server.

    Does anyone have a feel for how easy it is to perform such a
    connection hijacking exploit, and what defenses may be mounted against
    it? Does a reasonable defense require encryption on every
    transmission between the SQL Server client and the SQL Server? Does
    it require re-authentication every time? Is there a way to keep the
    physical connection open, but re-authenticate with SQL Server?

    Hope this makes sense.

    Thanks,
    Wes Gamble
    w.gamble@pentasafe.com


