Step 3: Look at open ports

You can use the netstat tool built into Windows to see what ports are open and connected on your SQL Server. Before you spend countless hours troubleshooting, run these tests to rule a Trojan horse.

Look at open ports

You can use the netstat tool built into Windows to see what ports are open and connected on the server. At a command prompt, simply enter netstat –an|more to get a page by page count of what TCP and UDP ports are open and listening. An even better way to go about doing this is to use  Foundstone's Vision tool or Sysinternals' TCPView tool as shown below with the NetBus Trojan highlighted.

Sysinternals' TCPView maps open ports to actual executable files

This is another reason to know your SQL Server inside and out. If you know what you're looking at then you'll know what you're looking for.

 


Test for a Trojan horse on your SQL Server

 Home: Introduction
 Step 1: Scan your SQL Server for malware
 Step 2: Look in the memory
 Step 3: Look at open ports
 Step 4: Peek into your network traffic
 Step 5: Approach with a malicious mindset

ABOUT THE AUTHOR:
Kevin Beaver is an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC . He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored/co-authored six books, including Hacking Wireless Networks For Dummies, and Securing the Mobile Enterprise For Dummies (all by Wiley), as well as  The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach).

This was first published in October 2006

Dig deeper on Microsoft SQL Server Performance Monitoring and Tuning

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

1 comment

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchBusinessAnalytics

SearchDataCenter

SearchDataManagement

SearchAWS

SearchOracle

SearchContentManagement

SearchWindowsServer

Close