Security question regarding opening of port 1433, 1434 (or whatever SQL 2000/2005 port one assigns to SQL services to listen on).
I'm running in what appears to be paranoid sys admins when it comes to opening up port 1433, 1434 for MS SQL servers. When I ask why, they say it's a big security risk and then reference a SQL worm/security bug in SQL 2000 that happened about 2-3 years ago which has since been patched in SP3 onwards. So I say ok, so it's been patched so why can't the port be open now? Cause it happened once and only compromised very few SQL servers and as of todate, no one can positively suggest that the bug even exposed any useful/sensitive data?
But what I can't really understand, is that sys admins will be ok with opening port 80 for web servers and port 443 for SSL -- these are listening services also, that to my knowledge have the same level of security exposure as port 1433/34. Is it because these services haven't successfully (yet) been crashed to a point of user account exposure? Is that the only reason for the port 1433/34 paranoia?
I realize port 1433/34 are under 24/7 login attempts from drones (have monitored this activity) but other than resources use/traffic, these attempts are pretty useless with appropriate user/password accounts setup on the SQL server.
I'm doing some vulnerability assessments of MS SQLServer installationsusing AppDetective.On doing the "discovery" proble (to find the instances), I find that Iget two "hits" -- port 1433 shows the MS SQALServer instance, but port1434 comes up with MS SQL Server Redirector.The online books seems to be a bit light on waht the use of this portis for.I thought that port 1433 was the port on which SQLServer listens forODBC connections.However, port 1434 seems to be used for the same purpose.Any additional information of a non-technical level (my manager needsto know this and he's not a DBA) is greatly appreciated.Thanks in advance!
I just install a new SQL2005, and I can use SQL Server management studio express connect from remote computer. But I can€™t telnet 1433 to new SQL2005.
Is that because SQL2005 default not enable TCP 1433?
24/7 Production Call Centre server running NT4.0 and SQL 6.5 with all the latest service packs.
SQL mail fails(with dull regularity) and the SQL server services stop.
When the SQL server Services are restarted an error message appears stating that Port 1433 is in use after which nobody can connect via TCP/IP. Obviously the port believes the previous SQL session is still running, and won't release the port to the "New Application requesting it".
On a unix system you can force a port reset so you don't need to shutdown and restart the box. Can you do this from either SQL or NT?
Any solutions would be greatly appreciated the DBA's are 100 Miles from the Servers, so restarts are reliant on other people!
I received the following question from my operations group.
"When accessing a SQL server through a firewall, do you know if both UDP 1433 and TCP 1433 need to be opened?"
I know that TCP 1433 needs to be opened but I hadn't heard of UDP (User Datagram Protocol) until just now. I would assume it also needs to be open but I couldn't find a definite answer any where. Can someone confirm this for me? Thanks!
Does anyone have an idea on why when using IP with port 1433 that on the SQL 2000 Server a bind failure happens on port 1433 and are not able to get to the SQL using IP but you can use Named Pipes.
Hi, I used Microsoft SQL server 2000 on Microsoft Windows Server 2003 for database server and used Redhat Linux Enterprise for Web server.
I wrote the PHP script (on Redhat) connect to database server, its does not work. And then I install freetds on Web server but not work too.
I have problem not be solve... - on Redhat, cannot telnet x.x.x.x 1433 to database server. But telnet to other port is success. - on database server, cannot telnet x.x.x.x 1433 and telnet 127.0.0.1 1433. - between web server and database server can used ping ! - I used command 'netstat -an' on database server is not show for 1433 port.
So, I have 2 laptops, both with standalone SQL Server 2012 Management Studio.
laptop 1 can connect to my remote server on xxx.xxx.xxx.xxx,1433 laptop 2 cannot connect through management studio - but can connect directly from the development website on this machine.
I get error 18456, cannot connect to server and login failed for 'user'
Witam!Mam problem z polaczeniem sie z baza danych po TCP/IP przez port domyslny1433, nie mozna sie telnetowac ani nic z nim zrobic, poprostu niezyje. Portjest zamkniety i nijak nie moge go zmusic do jakiejkolwiek komunikacji nawetpo localhoscie. Skaner portów wykrywa go jako zamkniety. Czy wiecie moze jakten port otworzyc i zmusic go do komunikacji z baza danych? OS win2k3,MSSQL2000 Server.PozdrawiamHello!I have a problem with a TCP/IP connection to Data Base through the 1433port. I cannot telnet on this port even on localhost. My firewalls aredisabled but port scanner see the port as closed. Protocol TCP/IP on theMSSQL Server is enabled and it's not hidden, so I don't know what I shouldto do. My configurations: Win2k3 Server, MSSQL Server 2000Thx for answers.
Been having SQL Server 2000 running for some time now, but recently it stopped listening on TCP port 1433, the log reports its listening on shared memory, Named pipes and Rpc, but no sign of 127.0.0.1 port 1433 or any errors to say why it won't listen.
I've done a netstat -na and nothing else is listening on that port, tried restarting using the enterprise manager, gonna try restarting the entire Server when everyone has gone home, but I'm pretty sure its been restarted recently.
All the other archive logs going back a few days show its not listening.
Yes, I have used the Server network utility to make sure TCP/IP is enabled and set to 1433, even added a comma and 1434 to see if it will listen on multiple ports, no go.
I want to know how to check whether SQL Server 2000 can listen to port 1433 or not. If I run netstat -a, am I suppose to see port 1433 regardless of what service pack I have applied to SQL Server 2000?
for some reason i dont get any errors, but i believe that my server isnot running on port 1433. the tcpip protocol is selected in thenetwork configuration utility as well as name piper. the portselected is 1433. but when i telnet to 1433 i get the same errors as iwould if i telnet to a non existant port. i also tried nbstat with noluck. what else can i do? thanks
Does SQL mobile require port 1433 to be open for RDA? I was under the impression that all synching occured through port 80. But when 1433 is restricted a connection cannot be completed.
I may be missing something really simple. My understanding of tcp/ip networking concepts are not very solid.
I have installed MS server sql 7.0 and 2000 both on my PC. The default port i know is 1433. If sql 7.0 is already installed. Which port does sql 2000 listen on.
I've got SQL 2000 set up on a cluster running Windows 2000 Advanced Server (w/SP1). Setup for Failover Clustering appeared to succeed normally on both nodes.
The SQL 2000 server logs show:
2001-01-11 10:02:57.82 server SuperSocket Info: Bind failed on TCP port 1433. 2001-01-11 10:02:57.85 server SQL server listening on Shared Memory, Named Pipes. 2001-01-11 10:02:57.85 server SQL Server is ready for client connections
I've checked to see if something else is using port 1433 (unlikely) and don't see anything. The physical node that SQL 2000 is currently on has no other cluster resources assigned to it. Any ideas?
Version: SQL SERVER 2012 enterprise edition and SP2.
Due to one of the security reason, I have changed default port 1433 to another port number in configuration manger tools->protocols for MSSQLSERVER->TCP/IP --> IP ALL section mention another port number.
After restarted service, SQL SSMS able to connect server itself and new port number also LISTENING.
But SQL client SSMS not connected to one of the PC side after changing default port.
Hi. I'm a SQL Server novice, so apologies if any of this sounds simple.I am running Windows XP SP2, and have just installed SQLServer 2000. Ineed another application to connect to SQLServer, and am specifying itto do so via localhost:1433, but keep getting an error whenever I trydoing so saying it cannot connect to the database. A colleague of minehas the exact same set up on his machine, and he can connect to SQLServer fine. Running 'netstat -a' at the command line on his machinereveals that the system is listening to port 1433/ms-sql-s. Runningnetstat on my machine shows that the system is not listening to1433/ms-sql-ms. I have checked in Network Config in SQLServerEnterprise Manager, and TCP/IP is set to be using 1433.To confirm this, my application can connect over the network to mycolleague's SQL Server. but he cannot connect over the network to mine.So I'm pretty sure the issue is related to this 1433/ms-sql-s problem.Does anyone know how to resolve this? Many thanks.
HiI have a question regarding the SQL Server(SQL Server 7) port 1433.Some body is trying to hack into our Windows 2000 server through port1433. Is there a way i can close this port? I tried using a toolcalled Ipsecpol.exe ( Internet Protocol Security Policies Tool). Butwhen we run netstat, it still looks like they are able to connect tothe server using port 1433. Has anyone come across this problem? Iwould appreciate it very much if somebody could send in anysuggestions regarding this.Thanks,Ann
i setup a 2 node sql cluster but 1433 is not listening. I check sql configuration manager and entered 1433 for all ip addresses restarted services but still not 1433
I'm working on a completely virgin install of SQL Server 2k in Windows 2003. Just after install I check that the TCP/IP protocol is enabled under the server properties and then I try to Telnet into port 1433. On this one particular box I get back the following:
C:>telnet localhost 1433 Connecting to localhost...Could not open connection to the host, on port 1433: Connect failed.
For comparison I tested telnet on a couple other machines and I get back a blank window ready for my commands, as I'd expect.
I've checked the firewall settings and other IP Filtering settings to see if any of those were blocking traffic to 1433... nothing. I've triple checked the SQL Server settings for any "problems" and nothing jumps out at me.
Hello everyone, I have the sql connection string configured in my web application as data source=(local); provider=sqloledb.1; user id=<<user id>>; password=<<password>>; database=<<database>>
My understanding is that when (local) is used, the connection method will fall to shared memory / named pipes. I have names pipes and TCP/IP enabled in the configuration manager.
My machine is also running Comodo Firewall .
Now this is what is happening. When I try to access the asp.net application, I get a component exception in comodo firewall that indicates w3wp.exe is trying to access the sql server via the machine's IP over port 1433. This happens when I try to load the application in the browser.
What I dont understand is that when (local) is configured, it should only access thru shared memory / named pipes. Why is it trying to connect thru TCP port. Is this because I have the sql username and password? My SQL server is configured for mixed mode authentication.
We have 2 clustered SQL instances (2 physical servers in each cluster). Instance2 needs to be setup as a linked server on Instance1.
At this time port 1433 between them is not open. I am referring to the port on the network switch, not in the Windows Firewall (ports in Windows Firewall are already open).
Is opening the port between virtual IP-s sufficient? Or does port need to be open between all physical source/destination IP-s as well?