Connecting to SQL Server remotely with SQL Browser, hosting server warning of (Amplification Attacks)?

  • Question

  • I was able to connect to SQL Server remotely, but I received an alert of possible UDP amplification attacks after activating the SQL Browser service.

    This is the alert:

    Dear Sir or Madam,

    Microsoft SQL-Server (MS-SQL) includes a "Browser Service" usually listening on port 1434/udp [1]. If this service is openly accessible from the Internet, it exposes information on the network the SQL server is running on. Furthermore, it can be abused for DDoS amplification attacks.

    The Shadowserver 'Open MS-SQL Server Resolution Service Scanning Project' [2] identifies MS-SQL Browser Services which are openly accessible from the Internet. Shadowserver provides CERT-Bund with the test results for IP addresses in Germany for notification of the owners of the affected systems.

    Please find below a list of affected systems hosted on your network. The timestamp (timezone UTC) indicates when the system was found to be running an openly accessible MS-SQL Server Browser Service. "Server Name" usually corresponds to the NetBIOS name of the server. "Instance Name" is the name of the SQL instance on the server. "Amplification" is the amplification factor attackers can achieve when abusing the service for DDoS attacks. This value is determined by dividing the size of the response by the size of the request sent to the server.


    Microsoft recommends:
    "The SQL Server Browser service lets users connect to instances
     of the Database Engine that are not listening on port 1433,
     without knowing the port number. To use SQL Server Browser, you
     must open UDP port 1434. To promote the most secure environment,
     leave the SQL Server Browser service stopped, and configure
     clients to connect using the port number." [3]


    I'm not sure how to fix this issue, and this article is not clear as to what to do.




    • Edited by MarinusF Monday, March 23, 2015 12:40 PM
    Monday, March 23, 2015 12:39 PM
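The notice above computes "Amplification" as response bytes divided by request bytes. The following PowerShell script is an added example, not code from the thread or from CERT-Bund/Shadowserver: it sends the same one-byte SSRP request (CLNT_UCAST_EX, 0x02) to UDP 1434 that a scanner sends, parses the instance list in the reply, and reports the ratio. `$Target` is a placeholder hostname. Run it from outside your network; from the inside it only tells you the Browser service is running, not that the Internet can reach it.

```powershell
# Added example (not from the original thread): reproduce the Shadowserver-style
# check and compute the amplification factor the CERT-Bund notice reports.
# $Target is a placeholder, not a host from the thread.
param(
    [string]$Target    = 'sql.example.com',
    [int]   $TimeoutMs = 3000
)

function Test-SqlBrowserExposure {
    param([string]$HostName, [int]$TimeoutMs = 3000)

    # CLNT_UCAST_EX is a single 0x02 byte; the Browser service answers with a
    # record for every instance on the host, which is why the ratio is so high.
    $request = [byte[]]@(0x02)

    $udp = New-Object System.Net.Sockets.UdpClient
    $udp.Client.ReceiveTimeout = $TimeoutMs
    try {
        $udp.Connect($HostName, 1434)
        [void]$udp.Send($request, $request.Length)
        $remote = New-Object System.Net.IPEndPoint -ArgumentList ([System.Net.IPAddress]::Any), 0
        $reply  = $udp.Receive([ref]$remote)
    } catch [System.Net.Sockets.SocketException] {
        # No datagram within the timeout: port filtered or Browser service stopped.
        return [pscustomobject]@{ Host = $HostName; Exposed = $false; Amplification = 0; Instances = @() }
    } finally {
        $udp.Close()
    }

    # SVR_RESP layout: 0x05, two-byte little-endian length, then ASCII records of
    # the form "ServerName;X;InstanceName;Y;IsClustered;No;Version;...;tcp;1433;;"
    if ($reply.Length -lt 3 -or $reply[0] -ne 0x05) {
        throw "Unexpected SSRP response from ${HostName}: $($reply.Length) bytes"
    }
    $len  = [Math]::Min([BitConverter]::ToUInt16($reply, 1), $reply.Length - 3)
    $text = [System.Text.Encoding]::ASCII.GetString($reply, 3, $len)

    $instances = foreach ($record in ($text -split ';;' | Where-Object { $_ })) {
        $fields = $record -split ';'
        $h = @{}
        for ($i = 0; $i + 1 -lt $fields.Count; $i += 2) { $h[$fields[$i]] = $fields[$i + 1] }
        [pscustomobject]@{
            ServerName   = $h['ServerName']    # usually the NetBIOS name, as the notice says
            InstanceName = $h['InstanceName']
            Version      = $h['Version']
            TcpPort      = $h['tcp']           # what a client needs once the Browser is gone
        }
    }

    [pscustomobject]@{
        Host          = $HostName
        Exposed       = $true
        # Same ratio as the notice: response size divided by request size.
        Amplification = [Math]::Round($reply.Length / $request.Length, 1)
        Instances     = @($instances)
    }
}

Test-SqlBrowserExposure -HostName $Target -TimeoutMs $TimeoutMs | Format-List
```

If `Exposed` comes back `$true` from an external vantage point, the host is what the scan flagged, and the `TcpPort` column is the value clients will need in their connection strings once the Browser service is stopped. A reply for even one instance is typically a few hundred bytes against a one-byte request, which is the amplification the notice warns about.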

Answers

  • As MS recommends, you can stop and disable the SQL Server Browser service, but then you have to use the port number to address your SQL Server, e.g. in the connection string:

    "...;Data Source=YourServer, 1433; ..."


    Olaf Helper

    [ Blog] [ Xing] [ MVP]

    • Marked as answer by MarinusF Monday, March 23, 2015 1:24 PM
    Monday, March 23, 2015 12:43 PM
  • The recommendation here would be to start using non-default ports for SQL Server, i.e. instead of the default 1433, force SQL Server to listen on a non-default port. Once this is done, stop the Browser service and let all applications/users specify the port number when connecting to SQL Server.


    Regards, Ashwin Menon My Blog - http:\\sqllearnings.com


    • Edited by Ashwin Menon Monday, March 23, 2015 12:48 PM
    • Marked as answer by MarinusF Monday, March 23, 2015 1:24 PM
    Monday, March 23, 2015 12:48 PM
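The two answers above describe one procedure: pin the instance to a fixed (preferably non-default) TCP port, stop and disable the Browser service, and have clients name the port. The script below is an added example, not code from the thread, and assumes a named instance of SQL Server 2014 on Windows Server 2012 or later (for `New-NetFirewallRule`); the instance name, port and client subnet are placeholders. Run it elevated on the SQL host.

```powershell
# Added example (not from the original thread): the change the answers describe,
# for a named instance. Instance name, port and client subnet are placeholders.
param(
    [string]$InstanceName = 'SQL2014',     # placeholder named instance
    [int]   $StaticPort   = 51433,         # placeholder non-default port
    [string]$ClientSubnet = '10.0.0.0/8'   # placeholder: the only source allowed to reach it
)

# 1. Pin the instance to a static TCP port on every interface (IPAll) and clear
#    the dynamic-port setting; with a dynamic port the number can change across
#    restarts and clients would need the Browser service again to find it.
#    The registry prefix (MSSQL12.<name> for 2014) is resolved from Instance Names\SQL.
$root       = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'
$instanceId = (Get-ItemProperty "$root\Instance Names\SQL").$InstanceName
if (-not $instanceId) { throw "No instance named '$InstanceName' on this host" }
$tcp = "$root\$instanceId\MSSQLServer\SuperSocketNetLib\Tcp"

Set-ItemProperty -Path $tcp         -Name Enabled         -Value 1
Set-ItemProperty -Path "$tcp\IPAll" -Name TcpDynamicPorts -Value ''
Set-ItemProperty -Path "$tcp\IPAll" -Name TcpPort         -Value "$StaticPort"

# 2. Restart the engine so it binds the new port, then stop and disable the
#    Browser service, which is the UDP 1434 responder the notice is about.
Restart-Service -Name "MSSQL`$$InstanceName" -Force
Stop-Service -Name SQLBrowser -ErrorAction SilentlyContinue
Set-Service  -Name SQLBrowser -StartupType Disabled

# 3. Host firewall: admit the static port only from the client subnet, and add an
#    explicit inbound block for UDP 1434 so a later allow rule cannot re-expose it.
New-NetFirewallRule -DisplayName "SQL $InstanceName TCP $StaticPort" -Direction Inbound `
    -Protocol TCP -LocalPort $StaticPort -RemoteAddress $ClientSubnet -Action Allow | Out-Null
New-NetFirewallRule -DisplayName 'Block SQL Browser UDP 1434' -Direction Inbound `
    -Protocol UDP -LocalPort 1434 -Action Block | Out-Null

# 4. Check: the engine listens on the static port and nothing listens on UDP 1434.
$tcpOk = [bool](Get-NetTCPConnection -State Listen -LocalPort $StaticPort -ErrorAction SilentlyContinue)
$udpOk = -not (Get-NetUDPEndpoint -LocalPort 1434 -ErrorAction SilentlyContinue)
[pscustomobject]@{
    Instance         = $InstanceName
    ListensOnTcpPort = $tcpOk
    Udp1434Closed    = $udpOk
    ConnectWith      = "Data Source=$env:COMPUTERNAME,$StaticPort"   # no instance name needed
}
```

After this, a connection string of the form `Data Source=YourServer\SQL2014` stops working, because resolving an instance name to a port is exactly the Browser service's job; clients must use `Data Source=YourServer,51433` (or `sqlcmd -S YourServer,51433`). The `-RemoteAddress` restriction is the part that matters for the notice: moving off 1433 and closing UDP 1434 removes the amplification vector, but a SQL listener that answers to the whole Internet is still a problem, as the later reply in this thread points out.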

All replies

  • Hello,

    If you have a default instance, you don’t need SQL Server Browser service. If you have a named instance, you can configure SQL Server to listen on a specific port and avoid using SQL Server Browser service.

    https://msdn.microsoft.com/en-us/library/ms177440.aspx



    Hope this helps.



    Regards,

    Alberto Morillo
    SQLCoffee.com

    Monday, March 23, 2015 1:02 PM
  • When SQL Server is connected to the Internet, you should disable the SQL Browser service.

    Monday, March 23, 2015 1:16 PM
  • I would like to add that you should not expose SQL Server on the Internet at all. No matter which port you use, there will be people knocking all the time - and one day may be able to get in.


    Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
    Monday, March 23, 2015 10:20 PM