then to scan them for vulnerabilities.
I've just been handed a list of machines and have been asked to
determine which ones are actually MS SQLServer. (AppDetective says
that all of the systems on the list have MS SQLServer).
Does MS SQLServer make use of the same engine/port arrangements for
its other applications such as MS Access?
I've also heard that the engine (Jett?) is also used in some other
Windows components, which is why the AV systems had such problems with
Slammer last year. Is this true?
Thanks in advance"Byrocat" <bdealhoy@.sympatico.ca> wrote in message
news:b47d3acf.0502090633.251c12da@.posting.google.c om...
>I am using a tool called AppDetective to identify database servers and
> then to scan them for vulnerabilities.
> I've just been handed a list of machines and have been asked to
> determine which ones are actually MS SQLServer. (AppDetective says
> that all of the systems on the list have MS SQLServer).
> Does MS SQLServer make use of the same engine/port arrangements for
> its other applications such as MS Access?
> I've also heard that the engine (Jett?) is also used in some other
> Windows components, which is why the AV systems had such problems with
> Slammer last year. Is this true?
> Thanks in advance
I don't know how AppDetective identifies an MSSQL installation, but if it's
reporting machines which you don't believe have MSSQL, it may be that they
have MSDE instead - it's a throttled version of MSSQL for small
applications. If any of the apps listed here are installed, that may be why
they appear in AppDetective:
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=31
Some people installed these apps without realising that they included MSDE,
so they did get hit by Slammer, despite believing that they had no MSSQL
installations. As of SP3a, network access to MSDE is disabled by default, to
prevent attacks on MSDE installations which are only used locally.
The Jet engine is used by Access, which doesn't listen on any ports since it
isn't a server.
Simon
No comments:
Post a Comment