[unisog] scanning for ms sql systems

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Tue Jan 28 15:38:46 GMT 2003


On Tue, 28 Jan 2003 22:43:31 +1300, Russell Fulton <r.fulton at auckland.ac.nz>  said:
> Hi All,
> 	I first scanned out network (using nmap) for udp 1434 and found it very
> unreliable, both false +ves and -ves.  I then fell back to tcp 1433.
> 
> Does anyone know if this is sufficient to detect a potentially
> vulnerable system -- ie one running either MS SQL of MSDE.

A simple portscan will also catch Unixoid systems running PortSentry if
they have 143[34] in the config file.  These ports are *not* in the stock
config file for PortSentry 1.1.1.

However, you are correct in thinking that if the port isn't open, then the
box in question is not vulnerable.  Did you actually find boxes that had
SQL or MSDE running but no port open?
-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20030128/03c9d525/attachment-0007.bin


More information about the unisog mailing list