This port's adjacent UDP cousin (port 1434) hosted the fastest-spreading Internet worm ever seen at the time. What's interesting about this port (1433) is that a less well-known, and significantly less prolific, SQL worm known as the "SQL Snake" was discovered to be exploiting a different SQL Server vulnerability almost a year earlier. It didn't make headlines, but it did come to the attention of the Internet security community. Microsoft generated patches for their SQL Server products but, as shown by the later success of the SQL Slammer worm, they apparently didn't examine all of the SQL Server Internet interface code. Whoops.
Needless to say, if our port analysis found your port 1433 open, and if you are not deliberately offering SQL services to the global Internet (who would be that insane?), you will definitely want to either shut down the secret SQL server running in your machine, or arrange to have a personal firewall or NAT router block that port from all external access. (And do the same for port 1434 while you're at it!)
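One way to run the check recommended above from the inside of your own machine, as an added example that is not part of the original page: the Python below parses Windows `netstat -an` output and reports any listener on TCP 1433 or UDP 1434 that is bound to a non-loopback address. The sample output is constructed, and the function names are hypothetical.

```python
import ipaddress

# Ports discussed on this page: SQL Server (1433/tcp) and its UDP cousin (1434/udp).
WATCHED = {("TCP", 1433), ("UDP", 1434)}

# Constructed lines in Windows `netstat -an` format, chosen to exercise each case
# (not a capture from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     192.168.1.20:1433      ESTABLISHED
  TCP    [::]:1433              [::]:0                 LISTENING
  UDP    0.0.0.0:1434           *:*
  UDP    [::1]:1434             *:*
"""

def split_endpoint(endpoint):
    """Split '0.0.0.0:1433' or '[::]:1433' into (address, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def exposed_sql_listeners(netstat_text):
    """Return (proto, address, port) for watched ports bound beyond loopback."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        proto = fields[0]
        # TCP rows count only in LISTENING state; UDP rows have no state column.
        if proto == "TCP" and fields[-1] != "LISTENING":
            continue
        try:
            addr, port = split_endpoint(fields[1])
        except ValueError:
            continue  # local endpoint without a numeric port
        if (proto, port) not in WATCHED:
            continue
        try:
            loopback = ipaddress.ip_address(addr.split("%")[0]).is_loopback
        except ValueError:
            loopback = False  # unparseable address: report it rather than hide it
        if not loopback:
            findings.append((proto, addr, port))
    return findings

if __name__ == "__main__":
    for proto, addr, port in exposed_sql_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {port} is listening on {addr}: stop the service or block the port")
```

A listener on `0.0.0.0` or `::` accepts traffic on every interface, so whether it is reachable from the Internet then depends entirely on the firewall or NAT router in front of it.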
Trojan Sightings: SQL Snake

The entire contents of this page is copyright © 2008 by Gibson Research Corporation.