none
Length specified in network packet payload did not match number of bytes read; the connection has been closed.

    Question


  •  Hello every one
    I am getting this in my event log from time to time . not sure what is that ?
    Is this a hacker trying to send rubbish data to SQL through the port ?
    Any help is appreciated .

    Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: someip]
    Sunday, March 09, 2008 1:34 PM

Answers

  • Again, I suggest you run network monitor to see who/what is hitting your server on the specified port. Perhaps, this is some internal inventory software that is scanning the network.  Changing tcp port does not solve the problem here.

     

     

     

    Tuesday, March 11, 2008 10:02 PM
    Moderator

All replies

  •  

    Look like an intrusion. I suggest you take a look at sql log to track down the connection. Netmon is helpful here too.

     

     

    Monday, March 10, 2008 5:38 AM
    Moderator
  •  

    If someone is trying to telnet to 1433 for monitoring or probing, you will get this error.
    Monday, March 10, 2008 5:11 PM
  • Thank you all for the reply  , 

    my server is on port  1533 . Port  1433  is closed  on my server .
     
    All the requests are coming from my own ip , i feel this is funny . 
    Is my server hacked then ? 
    Or could be my ISP doing any routine tests ? 
    Also is this is hack attempt , what does this hacker think he will benefit from this ? Could this bring the SQL  server down  ?  
    I was thinking about chaning port to something else ,  1344 or something , u think this can be better  ?



    Monday, March 10, 2008 5:33 PM
  • Again, I suggest you run network monitor to see who/what is hitting your server on the specified port. Perhaps, this is some internal inventory software that is scanning the network.  Changing tcp port does not solve the problem here.

     

     

     

    Tuesday, March 11, 2008 10:02 PM
    Moderator
  • this was it . I was using Languard  intrusion  detection system , it does a complete scan every 6 hours , and when i looked on those events they occur every 6 hours . 
    Nothing scary  Smile
    Wednesday, March 12, 2008 2:17 PM