Hello
I am new to SQL security.
Some days ago I happened to open my event log and found lots of attacks have
been going on to my SQL Server 2005. Maybe for some months. I have been
using a firewall and Windows integrated authentication. The attacks might
not be quite successful. Anyway, I changed the SQL Server port from 1433 to
something else. Strikingly all the attacks have gone. Now I am curious
why they use port number 1433. Is there any reason to use the port, benefit
or something? Or is there any danger or caution to use something other than
1433?
|||Han
By default SQL Server uses TCP/IP port 1433 for communication, so it is
quite common to get attacked on that port.
VT
"Han" <hp4444@.kornet.net.korea> wrote in message
news:O3yHPmyKHHA.1280@.TK2MSFTNGP04.phx.gbl...
> Hello
> I am new to SQL security.
> Some days ago I happened to open my event log and found lots of attacks
> have been going on to my SQL Server 2005. Maybe for some months. I have
> been using a firewall and Windows integrated authentication. The attacks
> might not be quite successful. Anyway, I changed the SQL Server port from
> 1433 to something else. Strikingly all the attacks have gone. Now I am
> curious why they use port number 1433. Is there any reason to use the
> port, benefit or something? Or is there any danger or caution to use
> something other than 1433?
>
|||Thank you for your quick reply, vt.
Yes, 1433 is one of the well-known ports. So, what I am asking is, why you
should use the well-known port.
Until now, the one problem I found in giving up 1433 is adding my own port
number to my connection strings.
server=server-name,10001; ...
That's just a trivial pain compared with the freedom from lots of ridiculous
attacks. I hope the pain is all I should consider, but I am not sure...
"vt" <vinu.t.1976@.gmail.com> wrote in message
news:uCgwesyKHHA.4992@.TK2MSFTNGP04.phx.gbl...
> Han
> By default SQL Server uses TCP/IP port 1433 for communication, so it is
> quite common to get attacked on that port.
>
> VT
>
>
> "Han" <hp4444@.kornet.net.korea> wrote in message
> news:O3yHPmyKHHA.1280@.TK2MSFTNGP04.phx.gbl...
>
|||Han
Well, you don't need to take all those hassles of passing the port number; you
can configure SQL Server to use whichever port you want.
To do that, if you are using SQL 2000:
Open SQL Server Network Utility under the Microsoft SQL Server program group.
Select the properties of TCP/IP and change the port number there.
That's it, SQL Server will start listening on that port.
VT
"Han" <hp4444@.kornet.net.korea> wrote in message
news:%23QvONA0KHHA.1424@.TK2MSFTNGP04.phx.gbl...
> Thank you for your quick reply, vt.
> Yes, 1433 is one of the well-known ports. So, what I am asking is, why you
> should use the well-known port.
> Until now, the one problem I found in giving up 1433 is adding my own port
> number to my connection strings.
> server=server-name,10001; ...
> That's just a trivial pain compared with the freedom from lots of ridiculous
> attacks. I hope the pain is all I should consider, but I am not sure...
> "vt" <vinu.t.1976@.gmail.com> wrote in message
> news:uCgwesyKHHA.4992@.TK2MSFTNGP04.phx.gbl...
>
|||Han,
1433 is the default port that SQL Server uses for TCP/IP client
communication. You can configure that to be another port, but hackers
will find them and attempt hacking there too.
I wrote a utility to do a bit of self defense for these hacking attempts.
http://www.creeksolutions.com/Produ...92/Default.aspx
BlockSSHacking runs as a Windows service protecting your SQL Server from
brute force hacking attempts coming from the Internet.
The service checks your system every 5 minutes (configurable setting)
for evidence of ongoing hacking. If such attempts are in progress then
those source addresses are blocked from future access to your server
(quickly leading to you recovering your bandwidth).
BlockSSHacking notifies you via email when it has blocked someone from
hacking your system.
Henrik
Han wrote:
> Hello
> I am new to SQL security.
> Some days ago I happened to open my event log and found lots of attacks have
> been going on to my SQL Server 2005. Maybe for some months. I have been
> using a firewall and Windows integrated authentication. The attacks might
> not be quite successful. Anyway, I changed the SQL Server port from 1433 to
> something else. Strikingly all the attacks have gone. Now I am curious
> why they use port number 1433. Is there any reason to use the port, benefit
> or something? Or is there any danger or caution to use something other than
> 1433?
>
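
The kind of periodic check described in the post above (look for repeated failed logins, then list the source addresses to block), sketched as an added example that is not part of the thread and is not BlockSSHacking's code. It assumes SQL Server 2005 style ERRORLOG lines of the form `Login failed for user '...'. [CLIENT: <ip>]`; the threshold, the function name and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed shape of a failed-login line in the SQL Server ERRORLOG.
FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\..*\[CLIENT: (?P<ip>[^\]]+)\]"
)
WINDOW = timedelta(minutes=5)  # same length as the 5-minute interval in the post
THRESHOLD = 5                  # assumed: failures inside one window before flagging

def brute_force_sources(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {ip: most failures seen in any sliding window} for flagged IPs."""
    events = defaultdict(list)
    for line in lines:
        m = FAILED.match(line)
        if not m or m.group("ip") == "<local machine>":
            continue  # not a failed login, or a local attempt we never block
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        events[m.group("ip")].append(ts)
    flagged = {}
    for ip, stamps in events.items():
        stamps.sort()
        start = best = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged

# Constructed sample log lines (documentation address ranges, not real hosts).
SAMPLE = (
    [f"2006-12-28 03:10:{s:02d}.41 Logon       Login failed for user 'sa'. "
     "[CLIENT: 203.0.113.7]" for s in range(0, 60, 10)]       # 6 tries in 1 minute
    + [f"2006-12-28 03:{m:02d}:00.12 Logon       Login failed for user 'admin'. "
       "[CLIENT: 192.0.2.9]" for m in range(0, 50, 10)]       # 1 try per 10 minutes
    + ["2006-12-28 03:11:05.77 Logon       Login failed for user 'han'. "
       "[CLIENT: <local machine>]",
       "2006-12-28 03:12:00.00 spid51      Starting up database 'tempdb'."]
)

if __name__ == "__main__":
    for ip, count in brute_force_sources(SAMPLE).items():
        print(f"{ip}: {count} failed logins within {WINDOW}")
```

The slow source (one attempt every 10 minutes) stays under the per-window threshold, which is the trade-off of any rate-based block list: it removes the noisy scanners but not a patient one.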