Many of our users need some form of SQL database. Microsoft SQL is almost always used by Microsoft users. This article will teach you how to troubleshoot Open Microsoft SQL Server issues.
What is an Open Microsoft SQL Server?
Your server runs the Microsoft SQL Server Browser service, which listens on UDP port 1434. If this service is enabled and publicly accessible via the internet, attackers may use it to launch denial of service attacks (an amplification attack using forged UDP packets).
Recommended action
Reconfigure your server so that this service can no longer be used. This can be accomplished by blocking access to port 1434 or by completely disabling the SQL Server Browser service, which should have no impact if only one instance of SQL Server is running.
If you require remote access to your Microsoft SQL Server, configure your firewall to allow only connections from trusted sources.
Disabling Microsoft SQL Browser
To disable the Microsoft SQL Browser, follow the steps below:
1. Open the 'SQL Server Configuration Manager', and select the 'SQL Server Services' tab.
2. Double-click on the ‘SQL Server Browser service’ and a screen will open.
3. On the Log On tab, click on the ‘Stop’ button to stop the service.
4. On the Service tab, ‘Start Mode’ is the only enabled option; change it to ‘Disabled’.
5. If you have a named instance, you must assign it a fixed TCP port for it to be reachable from client machines. To do this, navigate to the protocols of your instance under the SQL Server Network Configuration node in the SQL Server Configuration Manager.
6. Left-click on ‘TCP/IP’ and go to the 'IP Addresses' tab.
You will see several sections, one per IP address defined on your server, including the loopback adapter (127.0.0.1).
7. Choose the IP address of the interface from which the clients access the SQL Server.
If there is a 0 in the TCP Dynamic Ports property, remove it and enter the port you would like to use in the TCP Port property.
8. Restart SQL Server for the changes to take effect.
In the connection string on the client system, you must specify which port is to be accessed by designating the server as follows:
<server_name>,<port> (server name and port number separated by a comma).
For example: SQL1,7500 if you set the TCP port as 7500.
A full connection string example:
Data Source=SQL1,7500;Initial Catalog=YOURDB;User Id=YOURUSER;Password=YOURPASSWORD;
You can check if the port is still open by using a tool called nmap.
Nmap (Network Mapper) is a well-known open-source application for network scanning, security auditing, and identifying network infrastructure vulnerabilities. Finding open ports on a network is one of its best-known uses.
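The same remediation can be scripted. The following PowerShell is an added example, not part of the original article: it performs steps 1 to 4 above, blocks inbound UDP 1434 at the Windows firewall, and checks locally that nothing is still bound to the port. It assumes the Browser service is registered under its default service name, SQLBrowser; the firewall rule name is a made-up label. It does not assign the fixed TCP port for a named instance (steps 5 to 8).

```powershell
#Requires -RunAsAdministrator
# Added example: disable the SQL Server Browser service, block UDP 1434,
# and verify locally. Assumes the default service name 'SQLBrowser'.
$serviceName = 'SQLBrowser'
$port        = 1434

# Steps 1-4: stop the service and set its start mode to Disabled.
$svc = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    Write-Output "Service '$serviceName' is not installed; nothing to disable."
} else {
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name $serviceName -Force
    }
    Set-Service -Name $serviceName -StartupType Disabled
    Get-Service -Name $serviceName | Select-Object Name, Status, StartType
}

# Block inbound UDP 1434 so the port stays closed even if the service
# is re-enabled later. The rule name is a hypothetical label.
$ruleName = 'Block SQL Server Browser (UDP 1434)'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
        -Protocol UDP -LocalPort $port -Action Block | Out-Null
}

# Verify: list any process that still has UDP 1434 bound on this host.
$listeners = Get-NetUDPEndpoint -LocalPort $port -ErrorAction SilentlyContinue
if ($listeners) {
    foreach ($l in $listeners) {
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $l.LocalAddress
            LocalPort    = $l.LocalPort
            Process      = $proc.ProcessName
        }
    }
    Write-Warning "UDP $port is still bound on this host."
} else {
    Write-Output "No process is listening on UDP $port."
}
```

Run it from an elevated PowerShell session on the SQL Server host. The local check only shows what is bound on the machine; a UDP scan of that single port from an outside host (`nmap -sU -p 1434 <server_ip>`) shows what the internet sees.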