| VID | 25017 |
| Severity | 20 |
| Port | 1434 |
| Protocol | UDP |
| Class | DB |
| Detailed Description | The MS SQL Server is running and listening on the SQL Monitor port (1434/UDP). This port is designated as the Microsoft SQL Monitor port; clients send a message to it to dynamically discover how they should connect to the server. The message is a single-byte packet, the byte being 0x02. This helps a remote attacker collect information about the MS SQL database. The service on this port is also vulnerable to various buffer overflow attacks. |
| Recommendation | Block access from untrusted networks to port 1434/UDP at your network perimeter. |
| Related URL | CVE-2002-0649, CVE-2002-0729 (CVE) |
| Related URL | 5310 (SecurityFocus) |
| Related URL | (ISS) |