December 6, 2001 at 7:26 am
I have become aware of some SQL Servers on our network that are hidden. I believe that SQL2000 is the only version capable of doing this. Is there a way to locate servers on a network that are "Hidden"?
- Vega
December 6, 2001 at 9:46 am
You may be able to use the Microsoft Network Security Hotfix Checker (Hfnetchk.exe) Tool (Microsoft Q number - Q303215).
Steven
December 6, 2001 at 10:20 am
Problem with that particular tool (according to the network admin) is that you have to run it on the server itself; it doesn't sweep the network. At which point if I could do that then I would see the server running anyways. I think you have to use a port scanner tool to find them, which sets off all kinds of alarms on our network. So still not sure how to do it without scaring everyone with a port scanner.
- Vega
December 6, 2001 at 10:38 am
I wasn't aware they could be hidden? The default instance will respond on port 1433. Named instances use other ports, but I can't remember off the top of my head how they are determined. Anything is going to require some sort of scan. What you could do is write a little DMO solution that will try a range of IP addresses and do a connect on 1433 to each.
Is there some reason you are worried about hidden servers? They should all be firewalled in some way from the internet.
Steve Jones
December 6, 2001 at 1:24 pm
I musta been smokin something cause now I can't find the check box that I thought I saw to hide SQL Server. Maybe it was during an installation? Anyways, we have multiple divisions in separate locations. I found some open sa servers and am in the process of forcing them to change. I want to make sure no one is hiding SQL Servers on the network. I know you can stop WINNT from announcing itself on the network, but I swore I saw a check box to hide SQL somewhere! AAAgh, now I can't find it!
- Vega
December 6, 2001 at 7:05 pm
It's a property of the TCP config - you can turn it off there. Also via DMO. Here is an excerpt from BOL for SQL2K:
"When you install an instance of SQL Server, SQL Server Setup creates an entry in the Microsoft Windows NT® 4.0 Registry that enables clients to see SQL Server in a server enumeration box in SQL Query Analyzer. For security purposes, you can set TcpFlag to TRUE to hide a server on the network. Clients can still connect to it, but they cannot see the hidden server when viewing servers. You can reveal the server by setting TcpFlag to FALSE."
Andy
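Added example, not part of any post in this thread: since a hidden server still accepts client connections, an administrator can reconcile the hosts that accept TCP connections on the default port 1433 (the connect test suggested above) against the list of servers already known. The function names, the address range and the inventory are constructed for illustration, and the check only covers the default port, not named instances on other ports.

```python
"""Inventory check: which hosts accept TCP connections on the SQL Server
default port but are missing from the list of servers you already know?"""
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor

SQL_DEFAULT_PORT = 1433  # default-instance port named in the thread


def accepts_tcp(host, port=SQL_DEFAULT_PORT, timeout=1.0):
    """Return True if a full TCP connect to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out or unreachable
        return False


def find_unlisted_servers(cidr, known_servers, port=SQL_DEFAULT_PORT,
                          timeout=1.0, workers=32):
    """Check every address in a range you administer and split the hosts
    that answer into (listed, unlisted) using the known_servers inventory."""
    net = ipaddress.ip_network(cidr, strict=False)
    # hosts() skips network/broadcast addresses; fall back for a single /32
    hosts = [str(h) for h in net.hosts()] or [str(net.network_address)]
    known = {str(ipaddress.ip_address(k)) for k in known_servers}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        answers = pool.map(lambda h: accepts_tcp(h, port, timeout), hosts)
        listening = [h for h, up in zip(hosts, answers) if up]
    listed = [h for h in listening if h in known]
    unlisted = [h for h in listening if h not in known]
    return listed, unlisted


if __name__ == "__main__":
    # Constructed sample values: a documentation address range and a
    # made-up inventory of servers that are visible in enumeration.
    listed, unlisted = find_unlisted_servers("192.0.2.0/28", ["192.0.2.5"])
    print("known servers answering:", listed)
    print("answering but not in inventory:", unlisted)
```

A host in the second list is only a candidate: anything can listen on 1433, so each one still has to be confirmed as SQL Server with its owner.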
December 6, 2001 at 8:16 pm
December 7, 2001 at 6:38 am
After some thought, I've decided that the best approach is to create policy, since I have to anyways, that contains language that prohibits hiding SQL servers. All SQL servers sit behind a top-notch firewall so there really is no need to hide them. Thanks all for your input.
- Vega
December 7, 2001 at 10:57 am
Good luck. I'd be interested in hearing how this turns out and what the reactions are.
Steve Jones