Port Authority Edition – Internet Vulnerability Profiling
by Steve Gibson,  Gibson Research Corporation.

Goto Port 1432
Probe Port 1433
Enter Port: 0-65535
Goto Port 1434

Port Authority Database

Port 1433



Microsoft's SQL Server, including the desktop editions that are often silently installed with other Microsoft applications, opens and services queries delivered over incoming TCP connections through this port.

Related Ports: 

Background and Additional Information:

This port's adjacent UDP cousin (port 1434) hosted the fastest spreading Internet worm ever seen at the time. What's interesting about this port (1433) is that a less well known, and significantly less prolific SQL worm, known as the "SQL Snake" was discovered to be exploiting a different SQL server vulnerability almost a year earlier. It didn't make headlines, but it did come to the attention of the Internet security community. Microsoft generated patches for their SQL server products but, as shown by the later success of the SQL Slammer worm, they apparently didn't examine all of the SQL Server Internet interface code. Whoops.

Needless to say, if our port analysis found your port 1433 open, and if you are not deliberately offering SQL services to the global Internet (who would be that insane?), you will definitely want to either shut down the secret SQL server running in your machine, or arrange to have a personal firewall or NAT router block that port from all external access. (And do the same for port 1434 while you're at it!)

Trojan Sightings: SQL Snake

The entire contents of this page is copyright © 2008 by Gibson Research Corporation.

Jump to top of page
Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2020 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.
Jump to top of page