
Full Disclosure mailing list archives

Re: [SPAM] Re: Spybot and SQL
From: "Matthew Farrenkopf" <farrenkm () ohsu edu>
Date: Fri, 11 Feb 2005 07:45:35 -0800

Jacek,

(The MSDE engine was installed on two machines for an application we
use, and the engine is used only locally by the application.  The
thought never crossed my mind that the engine was misconfigured with a
blank sa password, but on analysis it looks like that's how the
application communicates with the database.  There's no option to add a
password in the application, so I blocked port 1433 to the outside
world.  Problem solved until we can talk to the vendor.)

<off_topic>
Before the installation you can set up a setup.ini file with 
DISABLENETWORKPROTOCOLS=1 configuration option in it. MSDE will not 
listen to any port, therefore cannot be accessed from the net.
</off_topic>

Best regards,
m.esco

Regrettably, this is an automated installation system.  It's not like I
was able to install MSDE first myself, then install the application.  It
was all done at once.

Is there any way to disable it after installation?  (I haven't had a
chance to RTFineM, but will go do that as well.)  Right now, I'm
protecting ports with IPSec rules.

Thanks,
Matt



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

