W2K netstat detects port 1433 is listenning but fport does NOT..., can't start mission critical sql server !!!

From: SammyBar (sammybar_at_gmail.com)
Date: 10/14/05

  • Next message: David H. Lipman: "Re: W2K netstat detects port 1433 is listenning but fport does NOT..., can't start mission critical sql server !!!"
    Date: Fri, 14 Oct 2005 13:20:19 -0500
    
    

    Hi all,

    I have a problem with my Sql Server 2000 server. A malware captured the 1433
    port when we restarted the SQL Server service. Now we have some users (that
    uses TCP/IP to connect to the server instead named pipes) that can not
    access to the server. The server is mission critical, can not be reset until
    midnight to eliminate the virus. We want to kill the malware process but we
    can not get the process id of the malware. We tryed with fport last version
    downloaded from Foundstone but it does't lists the 1433 port as being in
    use. But netstat -an clearly shows the 1433 port is listening. The Sql
    Server Log says it could not be binded to 1433. So is it possible fport
    fails to detect a process? Which other way can I use to detect the process
    id of the malware apart of fport?

    Thanks in advance
    Sammy


  • Next message: David H. Lipman: "Re: W2K netstat detects port 1433 is listenning but fport does NOT..., can't start mission critical sql server !!!"

    Relevant Pages

    • Re: SQL2005: Cannot connect error 11001
      ... The famous Windows Firewall (turned on my Server from which I'm trying to ... Exception Details: System.Data.SqlClient.SqlException: Login failed for user ... Try starting the SQL Server ... if you changed the port ...
      (microsoft.public.sqlserver.connect)
    • Re: Failed connections to remote 2k SQL Server
      ... It could be a port issue - that would be my first guess. ... you need to open up UDP 1434 for SQL Server name ... TCP Ports Needed for Communication to SQL Server ... >server's network utility, and client network utility, and ensured that they ...
      (microsoft.public.sqlserver.setup)
    • Re: Connecting to an instance in a cluster
      ... Each virtual server has its own IP address so you can reuse port numbers between instances. ... Microsoft SQL Server MVP ... "Geoff N. Hiten" wrote: ...
      (microsoft.public.sqlserver.clustering)
    • Re: hack using xp_cmdshell
      ... I'm no security expert, so please forgive if I'm not using the right ... install SQL Server in Windows Only mode and then Switch down to Mixed mode, ... Is the SQL Server instance a default instance? ... > port 65300, which has never been open on my firewall. ...
      (microsoft.public.sqlserver.server)
    • Re: Failed connections to remote 2k SQL Server
      ... > It could be a port issue - that would be my first guess. ... you need to open up UDP 1434 for SQL Server name ... TCP Ports Needed for Communication to SQL Server ... >>server's network utility, and client network utility, and ensured that they ...
      (microsoft.public.sqlserver.setup)