Step 2: Perform an active scan

Chip Andrews, Contributor

Armed with a list of IP addresses and ranges to scan, you need to probe the network looking for SQL Servers. Most scanning tools will work off of some combination of TCP port 1433 scanning, using UDP port 1434 packets to query the SQL Resolution Service, or query the remote registry and file system. There are quite a few tools available to help you in those tasks. Among them are:

    Requires Free Membership to View

It should be noted that many of these scans will not return results in the case of personal firewalls, disabled netlibs, or a lack of appropriate rights on the machines being scanned.


 Home: Introduction
 Step 1: Map your network
 Step 2: Perform an active scan
 Step 3: Check for SQL registrations
 Step 4: Probe remote services
 Step 5: Probe for SSNetlib.dll versions
 Step 6: Directly request version information
 Go to: How to patch SQL Servers, part 2


Chip Andrews is the director of research and development for Special Ops Security Inc. and the founder of the Web site, which focuses on Microsoft SQL Server security topics and issues. He is also the author of SQL Server Security.

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: