SQL and Port 1433

Discussion in 'Networking (Hardware & Software)' started by Steve R Jones, 2005/02/09.

Thread Status:
Not open for further replies.
  1. 2005/02/09
    Steve R Jones

    Steve R Jones SuperGeek Staff Thread Starter

    Joined:
    2001/12/30
    Messages:
    12,315
    Likes Received:
    252
    Some Facts:
    The software that my company makes and I support uses SQL. The software installs MSDE which we are using.

    All the machines in my office use static IPs so that we can net meet/use remote software with our clients etc.

    I have a great little freeware that I highly recommend:

    CurrPorts

    "Allows you to view a list of ports that are currently in use, and the application that is using it. You can close a selected connection and also terminate the process using it, and export all or selected items to a HTML or text report. Additional information includes the local port name, local/remote IP address, highlighted status changes and more."

    The Problem:
    On several machines, Port 1433 is getting hammered by outside sources attempting to hack in. The CurrPorts program will sometimes list as many as 150 connection "attempts" all at the same time trying to get in. Other times I sit there and watch the Remote Port from the outside source roll through hundreds of attempts trying to connect. These attempts eat the life out of the PC/network connections and make using our software almost impossible.

    I’ve managed to use SVRNETCN.exe on our Win2k machines and changed our port 1433 to 2090. This works but has some drawbacks with the backup utility. The server is no longer (local) and is changed to xx.xxx.xxx.xxx,2090. I'm going to try it on our XP machines. This is a minor drawback that we might have to live with.

    Was wondering if anyone has any thoughts/ideas on this?
     
  2. 2005/02/09
    Crack

    Crack Inactive

    Joined:
    2005/02/03
    Messages:
    43
    Likes Received:
    0
    If the SQL server is on the same LAN as the machines connecting to it, you can block that port on the WAN side of your router/firewall. If the server is on a different LAN, more info is needed on what you use to connect to the SQL server.
     

  4. 2005/02/09
    Steve R Jones

    Steve R Jones SuperGeek Staff Thread Starter

    Joined:
    2001/12/30
    Messages:
    12,315
    Likes Received:
    252
    Thanks for the reply.

    Each machine is running MSDE and is its own local server.

    We also have the capability within the accounting software to "set database." We input one of our clients' IPs & database names and can connect to their database to troubleshoot their accounting issue.

    So I have to be careful not to kill the ability to get in and out. Just trying to keep others from getting in. The (local) 'sa' user password manages to keep the outside sources from getting in.
     
  5. 2005/02/09
    Crack

    Crack Inactive

    Joined:
    2005/02/03
    Messages:
    43
    Likes Received:
    0
    You will need to filter ports 1433 and 1434 at the firewall/router. Still need more info on what you are using between your LAN and the Internet.
     
  6. 2005/02/09
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    If there are a limited number of client IP addresses, you should be able to set a firewall rule so that only those IP addresses can access port 1433. If your firewall won't do that, you need a better firewall.

    Personally having only your sa password between you and these attacks would make me very nervous. This is calling out for VPN.
     
  7. 2005/02/10
    Steve R Jones

    Steve R Jones SuperGeek Staff Thread Starter

    Joined:
    2001/12/30
    Messages:
    12,315
    Likes Received:
    252
    Thanks guys. We get our ISP service from the building we're in so I can't control the router. And we're using ZoneAlarm... I do have a $400 hardware firewall sitting in a box... That's a whole other story.
     
  8. 2005/02/10
    Crack

    Crack Inactive

    Joined:
    2005/02/03
    Messages:
    43
    Likes Received:
    0
    I would contact your ISP about the issue. You have probably read about the worm that scans for those ports and can infect machines by brute forcing the password. You may be infected already. Your ISP may be able to do something for you if you have no control over how you access the Internet.
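
Added example, not part of any post in this thread: a triage script that reads `netstat -an` output and counts connections to local TCP port 1433 from remote addresses outside an allowlist of known client networks, the same check a firewall allowlist rule would enforce. The allowlist, the sample output and the function names are constructed for illustration; UDP 1434 is not covered because `netstat` shows no remote peer for UDP.

```python
import ipaddress
from collections import Counter

SQL_PORTS = {1433}  # default SQL Server/MSDE TCP port discussed in the thread

# Constructed allowlist (assumption): client networks permitted to reach SQL.
ALLOWED = [ipaddress.ip_network(n) for n in ("198.51.100.0/28", "192.0.2.45/32")]

# Constructed sample in Windows `netstat -an` layout; documentation addresses only.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1433          203.0.113.7:4021       ESTABLISHED
  TCP    10.0.0.5:1433          203.0.113.7:4022       TIME_WAIT
  TCP    10.0.0.5:1433          203.0.113.7:4023       SYN_RECEIVED
  TCP    10.0.0.5:1433          198.51.100.3:51200     ESTABLISHED
  TCP    10.0.0.5:3389          203.0.113.9:2000       ESTABLISHED
  TCP    10.0.0.5:1433          192.0.2.45:3100        ESTABLISHED
  TCP    10.0.0.5:1433          192.0.2.200:1999       SYN_RECEIVED
"""

def split_endpoint(endpoint):
    """Split 'host:port' (or '[v6]:port') into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def unexpected_sql_peers(netstat_text, allowed=ALLOWED, ports=SQL_PORTS):
    """Return [(remote_ip, connection_count)] for peers outside the allowlist."""
    hits = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip headers, UDP rows and the listening socket itself.
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] == "LISTENING":
            continue
        try:
            _, local_port = split_endpoint(fields[1])
            remote = ipaddress.ip_address(split_endpoint(fields[2])[0])
        except ValueError:
            continue  # unparseable row: ignore rather than guess
        if local_port in ports and not any(remote in net for net in allowed):
            hits[str(remote)] += 1
    return hits.most_common()

if __name__ == "__main__":
    for ip, count in unexpected_sql_peers(SAMPLE):
        print(f"{ip}\t{count} connection(s) to SQL port from non-allowlisted peer")
```

Any address this reports is one an allowlist rule on port 1433 would have dropped before it reached the `sa` login prompt.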
     