Post reply

1434 port

  • April 20, 2006 at 8:47 pm

    #112768

    Hi all,

    My sql 2000 server is using 1434, I try to use the tool to fix the worm but it doesn't find anything. But the sql server is doing scan every 3 seconds to random ports, ISA is reporting this an it's afecting my network.

    How can I fix this issue?

    Tks in advance

    JFB

    =================================================

    Process Name : sqlservr.exe

    Process ID : 1432

    Protocol : UDP

    Local Port : 1434

    Local Port Name : ms-sql-m

    Local Address : 0.0.0.0

    Remote Port :

    Remote Port Name :

    Remote Address :

    State :

    Process Path : C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe

    Product Name : Microsoft SQL Server

    File Description : SQL Server Windows NT

    File Version : 2000.080.2039.00

    Company : Microsoft Corporation

    Process Created On: 4/20/2006 5:28:13 PM

    User Name : myDomain\administrator

    Process Services :

    ==================================================

  • April 21, 2006 at 10:07 am

    #633555

    Hi,

    UDP Port 1434 is for Microsoft SQL Monitor service. Service pack 3 or 3A fix possible worm problems, we are told.

    Regards,Yelena Varsha

  • April 21, 2006 at 10:14 am

    #633559

    Tks for reply,

    File Version : 2000.080.2039.00

    As you see my sql server has sp4.

    Any other ideas?

    Rgds

    Johnny

  • April 21, 2006 at 10:55 am

    #633568

    When a client first connects to a SQL Server, it talks to the server's UDP/1434 port. That's the destination port for the client. The source port on the client is random. It's 1024 and greater. This is a standard process by the client. What it is doing is seeking information on what port the instance it's trying to talk to listens to. It even does this when trying to talk to a default instance.

    SQL Server responds back to the client with the instance information. Here's where things change up. SQL Server will ALWAYS send from UDP/1434. And it will go back to whatever was the original source port on the client.

    If you have a lot of clients connecting in to SQL Server, you'd see a lot of traffic from SQL Server's UDP/1434 port to random ports throughout your network (to all the connecting clients).

    Does that help?

    K. Brian Kelley
    @kbriankelley

  • April 21, 2006 at 11:43 am

    #633584

    Ok Brian,

    So I need to open port for this traffic in ISA server.

    Tks for the explanation, It was strange because this is my backup server and no clients connects to this server except for one app that it's in development.

    Maybe my programmers are not using the connection in the right way?? is this posible?

    How can I check this?

    Tks for your help.. Rgds

    Johnny

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply