mailing list archives
RE: SQL & MSDE and Ports 1433 and 1434
From: Stefan Lister <SLister () ariba com>
Date: Fri, 14 Feb 2003 08:09:34 -0800
As I understand it, if you have an app on a system using MSDE, the system
would be vulnerable to the SQL Slammer worm *if* the app was listening on
A gazillion apps install MSDE when they get installed on a system. A
minority of those apps listen on 1434 - at least that what it looks like
where I work and I've run nmap against most of my subnets looking for
Patch your SQL 2000 systems immediately, run nmap (or whatever you favorite
tool is) against your subnets and a take a nap.
From: Eric Zatko [mailto:EZatko () co lucas oh us]
Sent: Thursday, February 13, 2003 7:01 AM
To: security-basics () securityfocus com
Subject: RE: SQL & MSDE and Ports 1433 and 1434
Good day all...
Great point H C. I suspected the same thing and have tried that... After
doing a "netstat -a -n" on the server, I find that it shows the SQLserver
listens on port 1433 (TCP, not UDP). It doesn't show anything listening for
UDP on 1433 or 1434.
I am confused.
H C <keydet89 () yahoo com> Thursday, February 13, 2003 8:39:02 AM >>>
Since it seems that both MS SQL Server and MSDE are
vulnerable to the Slammer exploit (if unpatched), one
would think that the most obvious first approach would
be to see if anything is actually listening on UDP
1434. Given the issues that can arise w/ a remote
nmap scan of a system, perhaps the most obvious
approach would be to run netstat and/or fport on the
system in question. This should tell you pretty
definitively whether or not something is even
listening on the port in question.
Do you Yahoo!?
Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com