[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


how to hide MS SQL Server 2008 ports from the Sniffers

Posted on 2011-10-23
Medium Priority
Last Modified: 2012-08-13
am running SQL Server 2008 over a Win 2008 server.

i think 1431 or near by no ports are used to TCP access to SQL Database.

how we can hide These ports from the Sniffer to even see them.

can something be done from Firewall or Server itself

Servers are in LAN zone it self and sniffer is also running on same switch
Question by:osloboy
  • 3
  • 2

Expert Comment

ID: 37014523
Well it sounds like you are asking if you can block SQL service ports from being scanned on the same subnet as a port scanner?
If so, this is exactly the relationship between security and access - the more access you have to a system, the less overall secure it will be.
In terms of blocking the port from nodes on the same subnet, if you do NOT need network access to the SQL server (your accessing application is on the same server) you can disable network access to the service within SQL server.
If you are wanting to block the 1431 port to outside the subnet than your router should be able to do this with ease

Author Comment

ID: 37014638
not SCAN, if i run TCP DUMP in Linux Server and try tp see traffic in and out from the SQL SERVER.

point is can Admin stop Traffic track to appear in TCP DUMP.

this SQL server is used by Web Users and few users access it though a customized APP locally

Accepted Solution

vaderj earned 1500 total points
ID: 37014676
So if I understand what your asking, you are wanting to know why the switch, which is supposed to route frames only to their destination, is allowing you to sniff packets from a location other than the destination?
If so, its possible you are seeing broadcast packets perhaps

Author Comment

ID: 37014788
LAST LINE is nearer,

if some one Sniff the traffic for my SQL Server, wish list, he can grab all traffic but not port 1433-34

Author Closing Comment

ID: 37022697

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
Considering cloud tradeoffs and determining the right mix for your organization.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question