Accessing SQL Server - Is Iburst blocking ports?

[Hogrod]

Hi,

As some of you may know Iburst blocks ports 1433 and 445, which allow connections to (Microsoft) SQL Server Databases. In other words if your website uses a sql server you are basically unable to connect to it using a query analyzer, or Enterprise Manager

Does anyone know of an alternative way to connect to the Sql Server through Iburst?

My only alternative is to use dial-up, or abuse the company ADSL line!

 

[Hogrod]

In addition,

Would the torrent box service help me connect to my web host's SQL server?

 

[native]

Hi,

As some of you may know Iburst blocks ports 1433 and 445, which allow connections to (Microsoft) SQL Server Databases. In other words if your website uses a sql server you are basically unable to connect to it using a query analyzer, or Enterprise Manager

Does anyone know of an alternative way to connect to the Sql Server through Iburst?

My only alternative is to use dial-up, or abuse the company ADSL line!

Andytl5


according to http://www.iburst.co.za/networkstatus2.php there was a report for port restriction on 07/06/05
But I think you can send them an e-mail with the IP or the address of the sql server u want to access, something like the smtp

 

[TheRoDent]

It's quite likely that iBurst may be filtering port 1433 for SQL server, as do many ISP. It's a common target for attacks. You could instruct your SQL server to listen on another port than 1433. This should bypass their filtering. I do know that port 445 is definately filtered, and unfortunately it's not so easy to change the MSRPC from listening on that.

Unfortunately I don't have any SQL boxes around anymore, otherwise I could have tested from an iBurst connection whether it is actually filtered or not.

A torrent box will not help you to connect to your SQL server. MrBEEP's OpenWEB socks proxy's may help you. Alternatively establish a VPN to your server using the Windows XP pptp. Then, filtering will not apply whatsoever as all traffic would be encapsulated in the VPN.

Setting up a VPN to a publically hosted SQL server, and having said SQL server only bind to the loopback address (127.0.0.1) is in any case the most sane, and secure way of running a SQL server naked on the web.

 

[DFantom]

You could also create an SSH tunnel to the server and connect to it that way.

 

[Crash]

/me nods with Dfantom.

 

[stoke]

You should set SQL Server to listern on a different port altogether.

Port 1433 is a known hacking entry point anywayz. Anybody can begin a password generating hack on port 1433 using the login sa.

Use port 21 or 80 or 8080 or ... well ... look at C:\WINDOWS\system32\drivers\etc\services in a text editor, and choose one of the other services as the port number to use [obviously you cannot use 80 if you're already running a web server on the same machine].

I carent quite remember how to change the port number - it's somewhere in server network settings in enterprise damager.

Bottom line is - if the port is blocked, use one that isnt, and, you should not use the standard port number anyway - worms have been attcaking port 1433 for years now.

 

[Hogrod]

Thanks for all your input. I have contacted my web host and i will let you know what they recommend. I've asked if they will give me another port number to connect to, as recommended in this thread.

Its interesting that web hosts such as those I've used still use port 1433 considering what bad practice (as mentioned in this thread) it is for them to still be offering port 1433 as a way to connect to the database.

I would appreciate if someone could give me the basic setup or point me to a useful website for creating an SSH Tunnel

In the mean time I will attempt to create a VPN connection, and also try the other methods mentioned above.

Thanks for the input I didn't expect such a great response!

 

[RichardG]

iBURST are just playing with us.
One day it works the other day, I Suffer, best option is restart your computer and try see If it works and Disconnect ur UT-D/C .. Give it a shot you never know. I had problems always going to a website. Could also be this Proxy IP iBURST are using some host are blocking there Proxy and I can't view the website. I had to ask some webmaster of that domain to see if they could remove it and bang. I'm back in

 

[DFantom]

Thanks for all your input. I have contacted my web host and i will let you know what they recommend. I've asked if they will give me another port number to connect to, as recommended in this thread.

Hold a minute are you connecting to a SQL server at a host/colo via an iBurst
example
you -> [ iburst ]-> { internet } -> [sql server]
or are you running a sql server on iburst and trying to access it from the net
[ sql server ] <- [ iburst ] <- {internet } <- you

All the above has been assuming the second, which it doesn't sound like now. AFAIK iBurst only blocks incoming 1433, not outgoing so you should have no problems connecting in the first case.

Its interesting that web hosts such as those I've used still use port 1433 considering what bad practice

It's a standard, thats why it is not a bad practise to use it. But as will all things you must use it wisely, keep the server patched, enforce high security, firewalls etc...

I would appreciate if someone could give me the basic setup

I am assuming you're ssh client is named ssh2.exe
ssh2.exe -L 3389:<ip of sql server server>:3389 <ssh username>@<internet facing IP>

example:
(assuming you setup SSH on the same server)

ssh2.exe -L 3389:127.0.0.1:3389 user@165.146.22.1

or
(assuming you have a seperate server running SSH, i.e. a firewall/gateway, and your sql server ip is 192.168.0.22)

ssh2.exe -L 3389:192.168.0.22:3389 user@165.146.22.1

point me to a useful website for creating an SSH Tunnel

www.google.com

 

[Hogrod]

I am connecting to a SQL server that is hosted by the web host. I am not hosting anything.
Iburst states that it is blocking access to port 1433, therefore I will not be able to connect to a sql server.
I am connecting to the host using SQL Query analyser, and Enterprise Manager via my Iburst connection

I hope this makes sense, if so is there a work around that differs to what you mentioned above?

 

[DFantom]

I hope this makes sense, if so is there a work around that differs to what you mentioned above?

Ah ok. Then all the VPN/SSH stuff requires your host runs the server side stuff for you as well. They might be happier to do that than change the SQL Server port.

 

[Hogrod]

Thanks for your help, I will see what they will do for me