Before rushing to implement an attack at an SQL server, it would be desirable to determine whether it is present and, ideally , to determine its type. If the server is located within the DMZ (although it should not be located there under any circumstances), then it is enough to scan its ports (Fig. 28.3). Ports tracked by various SQL server implementations are listed in Table 28.2.
Port | Server |
---|---|
1433 | Microsoft SQL Server |
1434 | Microsoft SQL Monitor |
1498 | Watcom SQL |
1525 | Oracle |
1527 | Oracle |
1571 | Oracle Remote Data Base |
3306 | MySQL |