SQL Server Tips by Burleson
Port security
SQL Server 2000 has two protocols enabled by default in both the
Server Network Utility and the Client Network Utility: TCP/IP and
Named Pipes.
If the application using SQL Server runs on the same machine, the
best solution is to remove all protocols (netlibs) in the Server
Network Utility; the server will then automatically use Shared
Memory. The client should have "enable shared memory protocol" set.
There is a bonus: this protocol is the fastest of all.
However, most applications run on a computer other than the SQL
Server machine, which is sometimes accessible only through TCP/IP.
The Internet Assigned Numbers Authority (IANA) assigned port 1433 to
Microsoft SQL Server. IANA is the "central coordinator for the
assignment of unique parameter values for Internet protocols".
For that reason SQL Server uses 1433 as a default UDP port but it
also uses port 1434 as a listener service for multi-instance
support.
With the need to audit network resources, tools were developed for
various tasks, and an easy one is to enumerate the SQL Servers on a
network, either by running Osql -L or by sending a broadcast UDP
packet to port 1434. Chip Andrews, Rajiv Delwadia and Michael Choi
coded SQLPing in C++ after studying the packets exchanged during the
SQL Server communication process. Interestingly, they also found some
vulnerabilities in how the server deals with the packets; some
specially crafted packets could cause a denial of service (DoS),
buffer overflows or heap overflows.
SQLPing retrieves information about a server:
ServerName:SQLSERVERBOX
InstanceName:MSSQLSERVER
IsClustered:No
Version:8.00.194
tcp:1433
The version details are not correct, but a list of the returned
values and the corresponding real ones is easy to obtain with simple
examination. Still, the older the version, the more vulnerable it
is. Servers with known, unpatched vulnerabilities are easy targets.
If the server uses named pipes over NetBIOS, ports 139 and 445 may be
targeted as well. If the Named Pipes protocol is not used, you should
disable it as an extra precaution.
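The following Python script is an added example, not taken from the book or from SQLPing. It reads discovery output for your own servers in the format shown above and lists the protocols the text recommends reviewing. The sample records, the `np` line for a Named Pipes endpoint and all function names are constructed assumptions.

```python
# Added example: audit discovery output in the SQLPing format shown above.
# SAMPLE is constructed; the "np" (Named Pipes) key is an assumption.
SAMPLE = r"""
ServerName:SQLSERVERBOX
InstanceName:MSSQLSERVER
IsClustered:No
Version:8.00.194
tcp:1433
np:\\SQLSERVERBOX\pipe\sql\query

ServerName:APPBOX
InstanceName:REPORTS
IsClustered:No
Version:8.00.194
tcp:2433
"""

def parse_records(text):
    """Return one dict per instance; a ServerName line starts a new record."""
    records, current = [], None
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue  # blank or malformed line
        if key == "ServerName":
            current = {}
            records.append(current)
        if current is not None:
            current[key] = value
    return records

def audit(record):
    """List the exposures the text discusses for one instance."""
    findings = []
    if "tcp" in record:
        findings.append("TCP/IP enabled on port %s: remove if every client is local" % record["tcp"])
    if "np" in record:
        findings.append("Named Pipes enabled: disable if unused (ports 139/445)")
    if "Version" in record:
        findings.append("reported version %s is unreliable: confirm on the host" % record["Version"])
    return findings

def report(text):
    return {"%s\\%s" % (r.get("ServerName"), r.get("InstanceName")): audit(r)
            for r in parse_records(text)}

if __name__ == "__main__":
    for instance, findings in report(SAMPLE).items():
        print(instance, *findings, sep="\n  - ")
```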
The above book excerpt is from:
Super SQL Server Systems: Turbocharge Database Performance with C++ External Procedures
ISBN: 0-9761573-2-2
Joseph Gama, P. J. Naughter
http://www.rampant-books.com/book_2005_2_sql_server_external_procedures.htm