Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: [SPAM] Re: [SPAM] Re: Spybot and SQL
From: Jacek Barcikowski <m.esco () wp pl>
Date: Fri, 11 Feb 2005 23:04:17 +0100

Matthew Farrenkopf wrote:
> Jacek,
>
>
>>>(The MSDE engine was installed on two machines for an application
>
> we
>
>>>use, and the engine is used only locally by the application.  The
>>>thought never crossed my mind that the engine was misconfigured
>
> with a
>
>>>blank sa password, but on analysis it looks like that's how the
>>>application communicates with the database.  There's no option to
>
> add a
>
>>>password in the application, so I blocked port 1433 to the outside
>>>world.  Problem solved until we can talk to the vendor.)
>>
>><off_topic>
>>Before the installation you can set up a setup.ini file with
>>DISABLENETWORKPROTOCOLS=1 configuration option in it. MSDE will not
>>listen to any port, therefore cannot be accessed from the net.
>></off_topic>
>>
>>Best reagards,
>>m.esco
>
>
> Regrettably, this is an automated installation system.  It's not like I
> was able to install MSDE first myself, then install the application.  It
> was all done at once.
>
> Is there any way to disable it after installation?  (I haven't had a
> chance to RTFineM, but will go do that as well.)  Right now, I'm
> protecting ports with IPSec rules.

You can run svrnetcn.exe from command line and then disable TCP/IP from enabled protocols list.

Here is also a great article about MSDE configuration:

http://www.codeproject.com/database/ConfigureMSDE.asp

Best regards,
Jacek Barcikowski

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • Re: [SPAM] Re: [SPAM] Re: Spybot and SQL Jacek Barcikowski (Feb 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault