Solved

Sqlbrowser.exe is trying to receive a connection from the internet

Posted on 2009-04-10
17
2,014 Views
Last Modified: 2013-12-24
I have Firewall COMODO and just got a message I think I never received:

Sqlbrowser.exe is trying to receive a connection from the internet

The only difference I can say its that I am in Dial-up connection and my regular connection is DSL.

Why would my SQL (v2000) is receiving a connection from Internet and I have no recent install (maybe AVG 8.0)?
0
Comment
Question by:rayluvs
  • 7
  • 6
  • 4
17 Comments
 
LVL 26

Accepted Solution

by:
Chris Luttrell earned 250 total points
ID: 24120853
In general we do not have SQL Server Browser running on any box exposed to the internet.  It has been a security risk in the past as malicous hackers commonly scan the web for responses from this request to see what databases they can try to attack.
The bellow is from 2005 BOL which explains what the Browser service is.  It replace a similar service in 2000.
"SQL Server Browser runs as a Windows service on the server. SQL Server Browser listens for incoming requests for SQL Server resources and provides information about SQL Server instances that are installed on the computer. SQL Server Browser contributes to three actions:
*Browsing a list of available servers
*Connecting to the correct server instance
*Connecting to Dedicated Administrator Connection (DAC) endpoints
For each instance of the Database Engine, the SQL Server Browser service (sqlbrowser) provides the instance name and the version number."
See full article at http://msdn.microsoft.com/en-us/library/ms165724%28SQL.90%29.aspx and pay special attention to the Security section.
HTH
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 24121379
As long as you have a single MSSQL instance running, you do not need SQL Browser service. And as already stated, it is a common attack target, so it is better to block the 1434/udp port or stop the service.
The difference between DSL and dial-in is that you are not exposed directly to the internet with DSL (the router is, in fact). With dial-in, you are exposed, and each attack is performed against your computer.


0
 

Author Comment

by:rayluvs
ID: 24122170
ok...couple of questions:

1. If I have just one sql instance in my PC the its correct to disable or turn off SQL Browser service?

2. SQL Browser service is when more than one instance is running in my pc....what about when i'm at my office connected to my lan, and i have to connect office sql, do i still need SQL Browser service running?

3. Last, how do I block port 1434 and how do I know that SQL Browser service is using that port?
0
 
LVL 68

Assisted Solution

by:Qlemo
Qlemo earned 250 total points
ID: 24122216
1. yes
2. SQL Browser service is only responsible for the instances on the box it is running on. It does not need to run on client side, at most on server side.
3. port 1434/udp is defined to be the Browser port. It can be changed, but that would need to adapt each client, too, as by convention that port has to be known by all sides (obviously).

To give you a bit more information about the process:
  • First instance (in most cases unnamed) reserves the standard port 1433/tcp for connections.
  • SQL Browser listens on port 1434/udp
  • Second instance is trying to open the port 1433 - but it is reserved for the other instance, so it is selecting a dynamic port. If a dynamic port has been chosen previously (the service is restarted, for example), that port is tried to use again. The server might try several ports, until it succeeds to open one, and that port is reserved, entered in registry, and committed to the SQL Browser service.
  • If a client connects, it tries port 1434/udp to ask for ports, and simultanously queries the standard port 1433 (to speed up connections this is done immediately).
0
 
LVL 26

Expert Comment

by:Chris Luttrell
ID: 24122257
The easiest way to turn off SQL Browser on you machine is to go into SQL Server Configuration Manager set the Start Mode to disabled on the Service Tab and then Stop the service back on the first tab (Log On).
SQLBrowserProperties.png
0
 

Author Comment

by:rayluvs
ID: 24122274
Great info!!!

I have SQL 2000, I can't find SQL Server Configuration Manager; where is it?
0
 

Author Comment

by:rayluvs
ID: 24122282
Ok...I found a service in Services; I assume that's the service I should disable.

??
0
 

Author Comment

by:rayluvs
ID: 24122287
SQL Server Browser
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 68

Expert Comment

by:Qlemo
ID: 24122295
Yes!!!
0
 
LVL 26

Expert Comment

by:Chris Luttrell
ID: 24122298
Sorry, forgot you were on 2000.  Let me look at a 2000 box.
0
 
LVL 26

Expert Comment

by:Chris Luttrell
ID: 24122307
Thanks Qlemo all my normal machines are 2005 and 2008.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 24122312
... and I cannot find something similar on MSSQL 2000, besides the "Service Manager" running in Systray (if used ...).
0
 

Author Comment

by:rayluvs
ID: 24122344
Ok thanx...I did it.

Unfortunately, I do have 2 instance...I have SQL 2000 my everyday work area and another SQL 2005 for some demo software I need from time to time.

What u recommended?
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 24122361
If you want to stick on switching off SQL Browser service, you can used fixed ports. In MSSQL 2005 Configuration Manager, on properties of TCP connections, set a fixed port in the last available field. Use that port in each connection string, e.g.
  localhost\mssql2005,12345
where mssql2005 is the instance, 12345 the port.

0
 

Author Comment

by:rayluvs
ID: 24122462
Ok...what about in SQL 2000 (the one I have)?
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 24122469
It should use the standard port 1433. If it is reversed (2005 using standard port, 2000 dynamic one), you have to go into the Server Network Connection utility to set a fixed port.
0
 

Author Comment

by:rayluvs
ID: 24122494
ok thanx...Well Experts u have answered excellent my question!
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Using examples as well as descriptions, and references to Books Online, show the documentation available for datatypes, explain the available data types and show how data can be passed into and out of variables.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now