Re: Netstat shows Port 1433 Activity
From: Kevin McDonnell [MSFT] (kevmc_at_online.microsoft.com)
Date: Tue, 13 Jul 2004 18:34:47 GMT
At the time I ran TCPView, instead of the usual connections on port
1433, there were many (about 25) established connections on port 1025,
some from IP addresses on the server that should not be establishing
connections. All of these were associated with msdtc.exe. I killed a
couple of these processes. When I killed the 2nd all the remaining
disappeared. What does this indicate?
*** MSDTC is used for Distributed Transactions. If the IP address is not
from a machine that you "Trust", then this machine should be blocked.
When I have observed many connections on port 1433 the state is usually
WAIT_STATE or FIN_2 something.
*** TCP sessions have various states. FIN, TIME_WAIT are all valid states.
137984 TCP Connection States and Netstat Output
The server is a leased server at an ISP (Interland) that I administer
remotely via Terminal Services. There are 2 NICs: 1 to their LAN and 1
to the Internet.
*** Your provider should also have a firewall to prevent machines
from establishing connections. If they don't, you should seriously consider
Publishing SQL from ISA Server.
For firewall I hoped to use IPSEC. I assume that 'Standard SQL
Security' means the same to you as to me (passwords, limit user
capabilities) and the answer is Yes.
*** If you only have certain valid clients that should be connecting to
your SQL Server across the internet, then IPSec or a VPN could be used.
Otherwise, since is open and using Standard Security, you'll be open to
password guessing
If the connection state is not 'ESTABLISHED' does that mean that other
devices are attempting to connect unsuccessfully? Could these be port
scanner viruses or similar?
*** See TCP Connection States kb.
The msdtc.exe ESTABLISHED connections caused me more concern. Does that
mean my server and another device were 'handshaking' or exchanging
*** If your SQL Server is not using Distributed Transactions, Stop the
MSDTC Server Service.
This posting is provided AS IS with no warranties, and confers no rights.
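
Added example, not part of the original post or of any Microsoft tool: a Python sketch of the triage discussed in the thread, tallying TCP states on ports 1433 and 1025 and flagging ESTABLISHED peers that are not on a trust list. The `netstat -ano` sample, the addresses and the `TRUSTED` ranges are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample of `netstat -ano` output (documentation addresses only).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.0.2.10:1433        0.0.0.0:0              LISTENING       1180
  TCP    192.0.2.10:1433        198.51.100.7:4021      ESTABLISHED     1180
  TCP    192.0.2.10:1433        203.0.113.50:3312      TIME_WAIT       0
  TCP    192.0.2.10:1433        203.0.113.50:3313      FIN_WAIT_2      1180
  TCP    192.0.2.10:1025        203.0.113.99:2210      ESTABLISHED     912
  TCP    192.0.2.10:1025        10.0.0.5:1190          ESTABLISHED     912
  TCP    192.0.2.10:3389        198.51.100.7:4100      ESTABLISHED     700
"""

WATCHED_PORTS = {1433, 1025}  # SQL Server, and the port msdtc.exe held in the post
# Assumed trust list: replace with the clients that are allowed to connect.
TRUSTED = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "10.0.0.0/8")]

def parse(text):
    """Yield (local_port, remote_ip, state, pid) for each IPv4 TCP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # header, UDP rows (no state column) and blank lines
        try:
            local_port = int(fields[1].rsplit(":", 1)[1])
            remote_ip = ipaddress.ip_address(fields[2].rsplit(":", 1)[0])
            pid = int(fields[4])
        except (ValueError, IndexError):
            continue  # bracketed IPv6 or malformed row: skipped in this sketch
        yield local_port, remote_ip, fields[3], pid

def review(text):
    """Return (state counts per watched port, untrusted ESTABLISHED peers)."""
    states, flagged = Counter(), []
    for local_port, remote_ip, state, pid in parse(text):
        if local_port not in WATCHED_PORTS or state == "LISTENING":
            continue
        states[(local_port, state)] += 1
        # Closing states (TIME_WAIT, FIN_WAIT_2) are normal teardown; only a
        # live session from an address outside the trust list is flagged.
        if state == "ESTABLISHED" and not any(remote_ip in n for n in TRUSTED):
            flagged.append((local_port, str(remote_ip), pid))
    return states, flagged

if __name__ == "__main__":
    states, flagged = review(SAMPLE)
    for (port, state), count in sorted(states.items()):
        print(f"port {port:<5} {state:<12} {count}")
    for port, peer, pid in flagged:
        print(f"UNTRUSTED peer {peer} on port {port} (PID {pid})")
```

The PID in each flagged row can be matched against the process list to confirm which service (for example msdtc.exe) owns the connection.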