
Security Basics mailing list archives

RE: SQL & MSDE and Ports 1433 and 1434
From: Stefan Lister <SLister () ariba com>
Date: Fri, 14 Feb 2003 08:09:34 -0800

As I understand it, if you have an app on a system using MSDE, the system
would be vulnerable to the SQL Slammer worm *if* the app was listening on
port 1434.

A gazillion apps install MSDE when they get installed on a system. A
minority of those apps listen on 1434 - at least that's what it looks like
where I work and I've run nmap against most of my subnets looking for
vulnerable machines.

Patch your SQL 2000 systems immediately, run nmap (or whatever your favorite
tool is) against your subnets and take a nap.

-----Original Message-----
From: Eric Zatko [mailto:EZatko () co lucas oh us] 
Sent: Thursday, February 13, 2003 7:01 AM
To: security-basics () securityfocus com
Subject: RE: SQL & MSDE and Ports 1433 and 1434

Good day all...

Great point H C. I suspected the same thing and have tried that...  After
doing a "netstat -a -n" on the server, I find that it shows the SQLserver
listens on port 1433 (TCP, not UDP). It doesn't show anything listening for
UDP on 1433 or 1434.

I am confused.


H C <keydet89 () yahoo com> Thursday, February 13, 2003 8:39:02 AM >>>
Since it seems that both MS SQL Server and MSDE are
vulnerable to the Slammer exploit (if unpatched), one
would think that the most obvious first approach would
be to see if anything is actually listening on UDP
1434.  Given the issues that can arise w/ a remote
nmap scan of a system, perhaps the most obvious
approach would be to run netstat and/or fport on the
system in question.  This should tell you pretty
definitively whether or not something is even
listening on the port in question.

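The local netstat check discussed in this thread, as an added example that is not part of the original messages: it parses `netstat -a -n` output in the Windows column layout and reports whether TCP 1433 and UDP 1434 are open on the host. The sample outputs are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of Windows "netstat -a -n" output (not taken from the thread).
SAMPLE_EXPOSED = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1433          10.0.0.9:3021          ESTABLISHED
  UDP    0.0.0.0:1434           *:*
  UDP    10.0.0.5:137           *:*
"""

# Constructed sample for a host where only TCP 1433 shows up.
SAMPLE_TCP_ONLY = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  UDP    0.0.0.0:445            *:*
"""

# proto, local address, local port, foreign address, optional state column
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$", re.I)

def open_endpoints(netstat_text):
    """Return the set of (proto, port) pairs: listening TCP and bound UDP ports."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header or blank line
        proto, _addr, port, _foreign, state = m.groups()
        proto = proto.upper()
        # TCP rows carry a state; UDP rows have none, so every UDP row is a bound socket.
        if proto == "TCP" and (state or "").upper() != "LISTENING":
            continue
        found.add((proto, int(port)))
    return found

def sql_exposure(netstat_text):
    """Report the two ports named in the thread: TCP 1433 and UDP 1434."""
    eps = open_endpoints(netstat_text)
    return {"tcp_1433": ("TCP", 1433) in eps, "udp_1434": ("UDP", 1434) in eps}

if __name__ == "__main__":
    for name, text in (("exposed", SAMPLE_EXPOSED), ("tcp-only", SAMPLE_TCP_ONLY)):
        print(name, sql_exposure(text))
```

Feed it the saved output of `netstat -a -n` from each host; a `udp_1434` value of `True` marks a machine to patch first.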
