?
Solved

Sqlbrowser.exe is trying to receive a connection from the internet

Posted on 2009-04-10
17
Medium Priority
?
2,055 Views
Last Modified: 2013-12-24
I have Firewall COMODO and just got a message I think I never received:

Sqlbrowser.exe is trying to receive a connection from the internet

The only difference I can say its that I am in Dial-up connection and my regular connection is DSL.

Why would my SQL (v2000) is receiving a connection from Internet and I have no recent install (maybe AVG 8.0)?
0
Comment
Question by:rayluvs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
  • 4
17 Comments
 
LVL 27

Accepted Solution

by:
Chris Luttrell earned 1000 total points
ID: 24120853
In general we do not have SQL Server Browser running on any box exposed to the internet.  It has been a security risk in the past as malicous hackers commonly scan the web for responses from this request to see what databases they can try to attack.
The bellow is from 2005 BOL which explains what the Browser service is.  It replace a similar service in 2000.
"SQL Server Browser runs as a Windows service on the server. SQL Server Browser listens for incoming requests for SQL Server resources and provides information about SQL Server instances that are installed on the computer. SQL Server Browser contributes to three actions:
*Browsing a list of available servers
*Connecting to the correct server instance
*Connecting to Dedicated Administrator Connection (DAC) endpoints
For each instance of the Database Engine, the SQL Server Browser service (sqlbrowser) provides the instance name and the version number."
See full article at http://msdn.microsoft.com/en-us/library/ms165724%28SQL.90%29.aspx and pay special attention to the Security section.
HTH
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 24121379
As long as you have a single MSSQL instance running, you do not need SQL Browser service. And as already stated, it is a common attack target, so it is better to block the 1434/udp port or stop the service.
The difference between DSL and dial-in is that you are not exposed directly to the internet with DSL (the router is, in fact). With dial-in, you are exposed, and each attack is performed against your computer.


0
 

Author Comment

by:rayluvs
ID: 24122170
ok...couple of questions:

1. If I have just one sql instance in my PC the its correct to disable or turn off SQL Browser service?

2. SQL Browser service is when more than one instance is running in my pc....what about when i'm at my office connected to my lan, and i have to connect office sql, do i still need SQL Browser service running?

3. Last, how do I block port 1434 and how do I know that SQL Browser service is using that port?
0
The Ideal Solution for Multi-Display Applications

Check out ATEN’s VS1912 12-Port DP Video Wall Media Player at InfoComm 2017. Kerri describes how easy it is to design creative video walls in asymmetric layouts and schedule detailed playlists ahead of time with its advanced scheduling feature.

 
LVL 70

Assisted Solution

by:Qlemo
Qlemo earned 1000 total points
ID: 24122216
1. yes
2. SQL Browser service is only responsible for the instances on the box it is running on. It does not need to run on client side, at most on server side.
3. port 1434/udp is defined to be the Browser port. It can be changed, but that would need to adapt each client, too, as by convention that port has to be known by all sides (obviously).

To give you a bit more information about the process:
  • First instance (in most cases unnamed) reserves the standard port 1433/tcp for connections.
  • SQL Browser listens on port 1434/udp
  • Second instance is trying to open the port 1433 - but it is reserved for the other instance, so it is selecting a dynamic port. If a dynamic port has been chosen previously (the service is restarted, for example), that port is tried to use again. The server might try several ports, until it succeeds to open one, and that port is reserved, entered in registry, and committed to the SQL Browser service.
  • If a client connects, it tries port 1434/udp to ask for ports, and simultanously queries the standard port 1433 (to speed up connections this is done immediately).
0
 
LVL 27

Expert Comment

by:Chris Luttrell
ID: 24122257
The easiest way to turn off SQL Browser on you machine is to go into SQL Server Configuration Manager set the Start Mode to disabled on the Service Tab and then Stop the service back on the first tab (Log On).
SQLBrowserProperties.png
0
 

Author Comment

by:rayluvs
ID: 24122274
Great info!!!

I have SQL 2000, I can't find SQL Server Configuration Manager; where is it?
0
 

Author Comment

by:rayluvs
ID: 24122282
Ok...I found a service in Services; I assume that's the service I should disable.

??
0
 

Author Comment

by:rayluvs
ID: 24122287
SQL Server Browser
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 24122295
Yes!!!
0
 
LVL 27

Expert Comment

by:Chris Luttrell
ID: 24122298
Sorry, forgot you were on 2000.  Let me look at a 2000 box.
0
 
LVL 27

Expert Comment

by:Chris Luttrell
ID: 24122307
Thanks Qlemo all my normal machines are 2005 and 2008.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 24122312
... and I cannot find something similar on MSSQL 2000, besides the "Service Manager" running in Systray (if used ...).
0
 

Author Comment

by:rayluvs
ID: 24122344
Ok thanx...I did it.

Unfortunately, I do have 2 instance...I have SQL 2000 my everyday work area and another SQL 2005 for some demo software I need from time to time.

What u recommended?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 24122361
If you want to stick on switching off SQL Browser service, you can used fixed ports. In MSSQL 2005 Configuration Manager, on properties of TCP connections, set a fixed port in the last available field. Use that port in each connection string, e.g.
  localhost\mssql2005,12345
where mssql2005 is the instance, 12345 the port.

0
 

Author Comment

by:rayluvs
ID: 24122462
Ok...what about in SQL 2000 (the one I have)?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 24122469
It should use the standard port 1433. If it is reversed (2005 using standard port, 2000 dynamic one), you have to go into the Server Network Connection utility to set a fixed port.
0
 

Author Comment

by:rayluvs
ID: 24122494
ok thanx...Well Experts u have answered excellent my question!
0

Featured Post

Does Your Cloud Backup Use Blockchain Technology?

Blockchain technology has already revolutionized finance thanks to Bitcoin. Now it's disrupting other areas, including the realm of data protection. Learn how blockchain is now being used to authenticate backup files and keep them safe from hackers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this blog post, we’ll look at how ClickHouse performs in a general analytical workload using the star schema benchmark test.
In this article, I’ll look at how you can use a backup to start a secondary instance for MongoDB.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question