Looking for Rogue SQL Servers on network..... > Discussions

July 30, 2010 Login |

Home
FAQs
       SQL Server FAQ
       SQL Injection FAQ
       SQL Security Checklist
       SQL Server-Related Products
       SQL Server/MSDE-Based Applications
       SQL Server Version Database
Tools
       Lockdown Script
       Free Tools
       Free Analysis
       Group Policy Templates
       Commercial Tools
Community
       Discussions
       Links
About
Search

SQL Security Forums

Note: SQLSecurity.com does not allow nor require registration due to privacy concerns for users. SQLSecurity.com is open and anonymous for all. Please report any abuse or profanity.

Unanswered

Active Topics

Forums

Forums > Discussions > SQL Server Security

Subject: Looking for Rogue SQL Servers on network.....

Prev Next

Add Reply

Author

Messages

Jim Walker

01/06/2003 7:15 AM	Quote Reply Alert
Hello, The SQL Admin team with my organization has been tasked with locating and "locking down" any rogue SQL installations that are found on the network. These rogue servers are created by developers, admins, off the shelf apps installing SQL in the back ground, etc. I've looked at SQL ping and while it is a good tool, it isn't effective in this case as many of the SQL servers are running Windows 2000 and may not be on port 1433. I've been looking at the command line utilities isql and osql, but they don't seem to catch all the servers on the network (ie. one node of a cluster configuration. Both nodes are running SQL resources). Does anyone out there have any ideas or experience doing this sort of thing? I'd like to nail down a method that is quick, not very network intensive that can catch all of the SQL installs running at that time. Thanks!

Chip Andrews

01/06/2003 11:28 AM	Quote Reply Alert
Jim - I commend you for taking on the task of tracking down these SQL Servers! That said - I'm bit confused as you why you are not having success tracking down rogue SQL Servers with SQLPing (as I have had great success with it). Keep in mind that SQLPing can find an instance of SQL Server 2000 even if it is not listening on TCP 1433. That is because SQLPing does not scan TCP ports (although SQLPing2 does have that additional capability). SQLPing queries the SQL Resolution Service listening on ALL SQL Server 2000 installations on UDP 1434 (unless all netlibs have been removed or it is filtered). Also, if you know the broadcast address of your subnet (192.168.1.255 for example), you can SQLPing that address and ANY server on that subnet running SQLServer 2000 should reply. Please feel free to write me if you have any questions or need additional help. If you want a commercial tool then both SQLSquirrel (NGSSOFTWARE.COM) and AppDetective (APPSECINC.COM) have tools that incorporate the same functionality as SQLPing with additional scanning and reporting capabilities.

Jim Walker

01/08/2003 8:45 AM	Quote Reply Alert
Thanks for your responce. You're right, upon further investigation the SQL ping utility will do the trick. Thanks again! Jim

TKelley

01/17/2003 3:25 PM	Quote Reply Alert
Will this work for 7.0 as well?

Chip Andrews

01/17/2003 4:15 PM	Quote Reply Alert
No - SQLPING only works on SQL 2000 but it will show instances of SQL Server 7 if an instance of SQL Server 2000 also exists on the same machine.

Add Reply

Forums > Discussions > SQL Server Security > Looking for Rogue SQL Servers on network.....

Quick Reply

Username:
Subject:
Body:

ActiveForums 3.6