Hi,
I am a novice to SQL Server. I work in the area of network security. In my s
tudy of the SQL Slammer/Sapphire worm, I came across SQL Resolution Service
which listens on UDP Port 1434. It seems that this service is used by client
s to get the list of named
instances, to exchange keep-alive messages, and for opening a registry key (
the slammer worm cause). I would like to know what are its other uses and ot
her acceptable commands by the service. After my futile search on MSDN I am
posting a message here.
Any pointers or links regarding this are more than welcome.
Thanks in advance,
Bhagya
Posted using Wimdows.net NntpNews Component -
Post Made from http://www.SqlJunkies.com/newsgroups Our newsgroup engine sup
ports Post Alerts, Ratings, and Searching.SQL Resolution Service on UDP 1434 is only used to support
multi-instances. It's not used with SQL Server 7 as that
version doesn't support named instances. It's not used by
the SQL Server instance or directly by clients to connect to
SQL Server. It's just to enumerate the instances on a server
and find the listening port for the specific instance.
If you try to connect to YourServer\YourNamedInstance and
that's what you specify for the connection, it hits UDP 1434
to use the SQL Server Resolution Service to find what port
number YourServer\YourNamedInstance is listening on. You can
bypass that by specifying the port yourself and then there
is no need to go through UDP 1434.
-Sue
On Wed, 28 Jul 2004 01:08:02 -0700, SqlJunkies User
<User@.-NOSPAM-SqlJunkies.com> wrote:
>Hi,
>I am a novice to SQL Server. I work in the area of network security. In my study of
the SQL Slammer/Sapphire worm, I came across SQL Resolution Service which listens o
n UDP Port 1434. It seems that this service is used by clients to get the list of na
med
instances, to exchange keep-alive messages, and for opening a registry key (the slammer worm
cause). I would like to know what are its other uses and other acceptable commands by the s
ervice. After my futile search on MSDN I am posting a message here.
>Any pointers or links regarding this are more than welcome.
>Thanks in advance,
>Bhagya
>--
>Posted using Wimdows.net NntpNews Component -
>Post Made from http://www.SqlJunkies.com/newsgroups Our newsgroup engine supports P
ost Alerts, Ratings, and Searching.|||I am looking for what are the uses of the resolution service which
runs on UDP 1434 and what commands it takes. I want to look at how did
the slammer worm succeed in triggering the vulnerability. From my
search on the Internet it seems that a command can be sent that starts
with '0x04' followed by some string, which results in opening a
registry entry on the server. What is the purpose of this command? Is
it for creating new named intances? If so, why would you allow anybody
to create new named instance on the server without any authentication?
any thoughts or ideas?
Thanks,
Bhagya
Sue Hoegemeier <Sue_H@.nomail.please> wrote in message news:<tg4fg0tm3lodstc7d5cllmj6g5guhh21
pt@.4ax.com>...[vbcol=seagreen]
> SQL Resolution Service on UDP 1434 is only used to support
> multi-instances. It's not used with SQL Server 7 as that
> version doesn't support named instances. It's not used by
> the SQL Server instance or directly by clients to connect to
> SQL Server. It's just to enumerate the instances on a server
> and find the listening port for the specific instance.
> If you try to connect to YourServer\YourNamedInstance and
> that's what you specify for the connection, it hits UDP 1434
> to use the SQL Server Resolution Service to find what port
> number YourServer\YourNamedInstance is listening on. You can
> bypass that by specifying the port yourself and then there
> is no need to go through UDP 1434.
> -Sue
> On Wed, 28 Jul 2004 01:08:02 -0700, SqlJunkies User
> <User@.-NOSPAM-SqlJunkies.com> wrote:
>
security. In my study of the SQL Slammer/Sapphire worm, I came across
SQL Resolution Service which listens on UDP Port 1434. It seems that
this service is used by clients to get the list of named instances, to
exchange keep-alive messages, and for opening a registry key (the
slammer worm cause). I would like to know what are its other uses and
other acceptable commands by the service. After my futile search on
MSDN I am posting a message here.[vbcol=seagreen]|||The internals of the Listener service are not available. Documentation on
the how the Listener service works with SQL
is included in SQL Books Online.
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment