Sunday, March 11, 2012

Blocking UDP Port 1434

In order to protect from 'slammer' kind of virus, we are
planning to block UDP Port 1434 on all gateways. Named
instances seem to rely on UDP Port 1434. Since TCP port
the sql instance is listening on can be re-assigned, Can
we reassign the UDP port 1434 as well? Any input will be
appreciated. Thank you!

Don't know that you can change the SQL Server Resolution
Service running on UDP port 1434. However, you can still
connect without using the resolution service as long as the
client knows the port to go through. You don't have to HAVE
to go through UDP 1434 to connect to a named instance.
-Sue
On Tue, 30 Mar 2004 12:55:25 -0800, "Wayne"
<anonymous@.discussions.microsoft.com> wrote:

>In order to protect from 'slammer' kind of virus, we are
>planning to block UDP Port 1434 on all gateways. Named
>instances seem to rely on UDP Port 1434. Since TCP port
>the sql instance is listening on can be re-assigned, Can
>we reassign the UDP port 1434 as well? Any input will be
>appreciated. Thank you!

Thank you, Sue, for the input. I thought for named
instances, tcp ports can be coded on server and clients,
but NOT UDP port 1434. The following is what I get from
BOL. If it can be done without using UDP port 1434, how
should I configure the client to go through gateways?
'Have the network administrator configure the firewall to
forward the IP address and TCP port the instance of SQL
Server is listening on (using either 1433 for a default
instance, or the TCP port you configured a named instance
to listen on). Also configure the firewall to forward
requests for UDP port 1434 on the same IP address. SQL
Server 2000 uses UDP port 1434 to establish communications
links from applications.'
--

>--Original Message--
>Don't know that you can change the SQL Server Resolution
>Service running on UDP port 1434. However, you can still
>connect without using the resolution service as long as the
>client knows the port to go through. You don't have to HAVE
>to go through UDP 1434 to connect to a named instance.
>-Sue
>On Tue, 30 Mar 2004 12:55:25 -0800, "Wayne"
><anonymous@.discussions.microsoft.com> wrote:
>

You can use the client network utility to set up an alias and specify the
port or you can specify it in a connection string
HTH
Jasper Smith (SQL Server MVP)
I support PASS - the definitive, global
community for SQL Server professionals -
http://www.sqlpass.org
<anonymous@.discussions.microsoft.com> wrote in message
news:115da01c416a0$77cbcd40$a001280a@.phx.gbl...
> Thank you, Sue, for the input. I thought for named
> instances, tcp ports can be coded on server and clients,
> but NOT UDP port 1434. The following is what I get from
> BOL. If it can be done without using UDP port 1434, how
> should I configure the client to go through gateways?
> --
> 'Have the network administrator configure the firewall to
> forward the IP address and TCP port the instance of SQL
> Server is listening on (using either 1433 for a default
> instance, or the TCP port you configured a named instance
> to listen on). Also configure the firewall to forward
> requests for UDP port 1434 on the same IP address. SQL
> Server 2000 uses UDP port 1434 to establish communications
> links from applications.'
> --
>

Like Jasper said...you can code the port in the connection
or use an alias
Just to add a little clarification for you,
UDP 1434 is used to find the port number for the instance.
It's not used by the SQL Server instance or directly by
clients to connect to SQL Server. It's just to enumerate the
instances on a server and find the listening port for the
specific instance.
If you try to connect to SomeServer\MyNamedInstance and
that's what you specify for the connection, it hits UDP 1434
to use the SQL Server Resolution Service to find what port
number SomeServer\MyNamedInstance is listening on. You can
bypass that by specifying the port yourself and then there
is no need to go through UDP 1434.
-Sue
On Tue, 30 Mar 2004 13:46:33 -0800,
<anonymous@.discussions.microsoft.com> wrote:
>Thank you, Sue, for the input. I thought for named
>instances, tcp ports can be coded on server and clients,
>but NOT UDP port 1434. The following is what I get from
>BOL. If it can be done without using UDP port 1434, how
>should I configure the client to go through gateways?
>--
>'Have the network administrator configure the firewall to
>forward the IP address and TCP port the instance of SQL
>Server is listening on (using either 1433 for a default
>instance, or the TCP port you configured a named instance
>to listen on). Also configure the firewall to forward
>requests for UDP port 1434 on the same IP address. SQL
>Server 2000 uses UDP port 1434 to establish communications
>links from applications.'
>--
>

THANK YOU for the clarification. I guess there is no easy
way out but to hardcode each client with a specific port
number if UDP 1434 is blocked. It would be nice if the
enumeration port UDP 1434 can be changed...

>--Original Message--
>Like Jasper said...you can code the port in the connection
>or use an alias
>Just to add a little clarification for you,
>UDP 1434 is used to find the port number for the instance.
>It's not used by the SQL Server instance or directly by
>clients to connect to SQL Server. It's just to enumerate the
>instances on a server and find the listening port for the
>specific instance.
>If you try to connect to SomeServer\MyNamedInstance and
>that's what you specify for the connection, it hits UDP 1434
>to use the SQL Server Resolution Service to find what port
>number SomeServer\MyNamedInstance is listening on. You can
>bypass that by specifying the port yourself and then there
>is no need to go through UDP 1434.
>-Sue
>On Tue, 30 Mar 2004 13:46:33 -0800,
><anonymous@.discussions.microsoft.com> wrote:
>

I have two laptops and am accessing the server as SomeServer\MyNamedInstance.
One laptop goes directly to port 1433, the other one goes to port 1434 first
and fails to connect. Where is this option which makes the second laptop go
to port 1434 first?
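
The lookup Sue describes, as an added example that is not part of the original thread: it builds the datagram a client sends to UDP 1434 for Server\Instance, parses a Resolution Service reply, and produces a connection string with the TCP port pinned so the lookup is no longer needed once UDP 1434 is blocked. The reply bytes, port 2433 and the function names are constructed for illustration; the message layout follows Microsoft's published SQL Server Resolution Protocol (MS-SQLR).

```python
import struct

CLNT_UCAST_INST = 0x04   # request type: ask about one named instance
SVR_RESP = 0x05          # first byte of every Resolution Service reply


def build_request(instance: str) -> bytes:
    """Datagram a client sends to UDP 1434 when given Server\\Instance."""
    return bytes([CLNT_UCAST_INST]) + instance.encode("ascii") + b"\x00"


def parse_response(data: bytes) -> list[dict]:
    """Parse a reply into one dict per instance (keys lower-cased)."""
    if len(data) < 3 or data[0] != SVR_RESP:
        raise ValueError("not a Resolution Service response")
    (size,) = struct.unpack_from("<H", data, 1)   # little-endian length
    if size > len(data) - 3:
        raise ValueError("declared length exceeds datagram")
    text = data[3:3 + size].decode("ascii", errors="replace")
    instances = []
    for record in text.split(";;"):               # each record ends with ';;'
        fields = record.split(";")
        if len(fields) < 2 or not fields[0]:
            continue
        # Fields alternate key;value;key;value...
        pairs = zip(fields[0::2], fields[1::2])
        instances.append({k.lower(): v for k, v in pairs})
    return instances


def pinned_connection_string(host: str, info: dict) -> str:
    """Server=host,port form: the client skips the UDP 1434 lookup."""
    port = int(info["tcp"])                       # KeyError if TCP is disabled
    if not 1 <= port <= 65535:
        raise ValueError(f"bad port {port}")
    return f"Server={host},{port}"


# Constructed sample reply for SomeServer\MyNamedInstance (not captured traffic).
_body = (b"ServerName;SOMESERVER;InstanceName;MyNamedInstance;IsClustered;No;"
         b"Version;8.00.194;tcp;2433;"
         b"np;\\\\SOMESERVER\\pipe\\MSSQL$MyNamedInstance\\sql\\query;;")
SAMPLE = bytes([SVR_RESP]) + struct.pack("<H", len(_body)) + _body

if __name__ == "__main__":
    info = parse_response(SAMPLE)[0]
    print(build_request("MyNamedInstance"))
    print(info["instancename"], "listens on TCP", info["tcp"])
    print(pinned_connection_string("SomeServer", info))
```

Recording each instance's port this way before the gateway rule goes in gives the list of values to put in client aliases or connection strings.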
