Re: Re SQL Resolution Service
From: bhagya (bbhagya_at_gmail.com)
Date: 07/29/04
- Previous message: Kevin McDonnell [MSFT]: "RE: IPSec policy between webserver and a clustered db server(SQL20"
- In reply to: Sue Hoegemeier: "Re: Re SQL Resolution Service"
- Next in thread: Kevin McDonnell [MSFT]: "Re: Re SQL Resolution Service"
- Reply: Kevin McDonnell [MSFT]: "Re: Re SQL Resolution Service"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 28 Jul 2004 15:10:45 -0700
I am looking for the uses of the resolution service which
runs on UDP 1434 and what commands it takes. I want to look at how
the Slammer worm succeeded in triggering the vulnerability. From my
search on the Internet it seems that a command can be sent that starts
with '0x04' followed by some string, which results in opening a
registry entry on the server. What is the purpose of this command? Is
it for creating new named instances? If so, why would you allow anybody
to create a new named instance on the server without any authentication?
Any thoughts or ideas?
Thanks,
Bhagya
Sue Hoegemeier <Sue_H@nomail.please> wrote in message news:<tg4fg0tm3lodstc7d5cllmj6g5guhh21pt@4ax.com>...
> SQL Resolution Service on UDP 1434 is only used to support
> multi-instances. It's not used with SQL Server 7 as that
> version doesn't support named instances. It's not used by
> the SQL Server instance or directly by clients to connect to
> SQL Server. It's just to enumerate the instances on a server
> and find the listening port for the specific instance.
> If you try to connect to YourServer\YourNamedInstance and
> that's what you specify for the connection, it hits UDP 1434
> to use the SQL Server Resolution Service to find what port
> number YourServer\YourNamedInstance is listening on. You can
> bypass that by specifying the port yourself and then there
> is no need to go through UDP 1434.
>
> -Sue
>
> On Wed, 28 Jul 2004 01:08:02 -0700, SqlJunkies User
> <User@-NOSPAM-SqlJunkies.com> wrote:
>
> >Hi,
> >
> >I am a novice to SQL Server. I work in the area of network
> >security. In my study of the SQL Slammer/Sapphire worm, I came across
> >SQL Resolution Service which listens on UDP Port 1434. It seems that
> >this service is used by clients to get the list of named instances, to
> >exchange keep-alive messages, and for opening a registry key (the
> >slammer worm cause). I would like to know what are its other uses and
> >other acceptable commands by the service. After my futile search on
> >MSDN I am posting a message here.
> >
> >Any pointers or links regarding this are more than welcome.
> >
> >Thanks in advance,
> >Bhagya
> >
> >---
> >Posted using Wimdows.net NntpNews Component -
> >
> >Post Made from http://www.SqlJunkies.com/newsgroups Our newsgroup engine supports Post Alerts, Ratings, and Searching.
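
The request types discussed in this thread, as an added example that is not part of the original posts: a Python check that a monitoring or filtering point could apply to UDP 1434 request payloads, flagging instance lookups whose name is longer than the protocol allows. The request-type bytes and the 32-byte instance-name limit are taken from Microsoft's later-published MS-SQLR specification; the function name, verdict strings and sample payloads are constructed for illustration.

```python
# Request-type bytes as defined in Microsoft's MS-SQLR specification.
CLNT_BCAST_EX, CLNT_UCAST_EX = 0x02, 0x03   # enumerate all instances
CLNT_UCAST_INST = 0x04                       # look up one named instance
CLNT_UCAST_DAC = 0x0F                        # look up an instance's DAC port
MAX_INSTANCE_NAME = 32  # byte limit on the name, excluding the NUL terminator


def classify_request(datagram):
    """Return (verdict, reason) for one UDP 1434 request payload."""
    if not datagram:
        return ("drop", "empty datagram")
    kind, body = datagram[0], datagram[1:]
    if kind in (CLNT_BCAST_EX, CLNT_UCAST_EX):
        if body:
            return ("drop", "enumeration request with trailing bytes")
        return ("ok", "enumerate instances")
    if kind in (CLNT_UCAST_INST, CLNT_UCAST_DAC):
        if kind == CLNT_UCAST_DAC:
            if body[:1] != b"\x01":          # PROTOCOLVERSION must be 1
                return ("drop", "bad DAC protocol version")
            body = body[1:]
        name, terminator, _ = body.partition(b"\x00")
        if len(name) > MAX_INSTANCE_NAME:
            return ("alert", "instance name of %d bytes exceeds %d"
                    % (len(name), MAX_INSTANCE_NAME))
        if not name or not terminator:
            return ("drop", "missing or unterminated instance name")
        return ("ok", "lookup for instance %s" % name.decode("ascii", "replace"))
    return ("drop", "unknown request type 0x%02x" % kind)


if __name__ == "__main__":
    # Constructed sample payloads (not captured traffic).
    samples = [b"\x02", b"\x04PAYROLL\x00", b"\x04" + b"A" * 96 + b"\x00", b"\x0a"]
    for payload in samples:
        print(payload[:12], classify_request(payload))
```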