July 13, 2023 at 1:37 pm
Hi
I noticed that SQLPS connects to the internet on different IP's on port 80.
For example even while executing a simple command like : SQLPS -command dir
Some of the IP's I witnessed: 41.63.96.128, 8.238.22.254, 209.197.3.8
Anyone any ideas as to why or what it's doing?
Thanks
Thierry
July 13, 2023 at 5:37 pm
No idea, and searching for this is hard. Too many PoSh things work with IPs.
I suspect that it (or the PS Gallery modules) have some hard-coded IPs they use to connect somehow, or there's a query for load balancing to the Gallery that returns a number of IPs it uses. It would be interesting to wireshark or sniff what's happening.
Interesting for me for you to do it. 🙂
July 14, 2023 at 10:01 am
Unfortunately (well, actually fortunately :)) our SQL servers don't allow any incoming traffic from the internet so Wireshark trace just shows it's connecting but then it stops, no replies come in.
July 14, 2023 at 3:04 pm
Not surprised. A lot of software will check for updates or to send some sort of metric data back and if they don't get a response, they stop trying. However, it's an annoying delay. Especially interactively.
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply