Port 1434

There is something out there scanning port 1434. My firewall has been beating back attempts to connect to my machine on port 1434, all coming from China. What kind of virus or trojan would be trying to access machines on port 1434? That is one advantage of having a software firewall like Tiny. I am instantly notified when something not in the ruleset is attempted, and it asks me what I want to do. Your hardware appliances have not learned that trick yet.
Reply to
Charles Newman


Reply to
Bit Twister

It might be Citrix... Check out..

Reply to
Vijay.InfoSec

Port 1434 is the SQL Server port. Do you have SQL Server running on a machine? If you don't, it's a moot point. BTW, port 1434 is closed by default on a NAT router. If you had a router that also did logging and had a log viewer to view the logs, one could easily see the attempts on port 1434, the *closed by default port*. Port 1434 is closed by default on the FW appliance too, and the logs would show the attempts on the port. No questions need to be asked by either solution.

No SQL Server admin in their right mind would have SQL Server exposed to the public Internet, setting rules to open the port anyway. If a Web application, as an example, wanted to access SQL Server, then the client program would go through a server-side object, a database access program/object -- a DLL -- which would get the request from the client program and do the updating, deleting or adding of data to the database tables. The same would hold true for Oracle or Access too. But of course, no one would use Access, as it's not a multi-user network database solution, and that's why there is SQL Server. You being an applications network developer for accounting systems accessing databases, you should know this kind of stuff, I would think.

Duane :)

Reply to
Duane Arnold

You really don't even know how to determine what ports something is normally used for??? 1434 is the SQL Management port, not the data port, and it's used by SQL Enterprise Manager and other management tools.

Some machines infected with the SQL Slammer worm will use this port and then there are machines/people looking for non-passworded SQL servers to harvest names/id/credit information from.

Bzzzt, wrong, my appliances, even a NAT box, will let me know every time anything attempts a connection, even if it's an approved connection. Now, do I want to be notified all the time? Heck no, it would be a complete waste to have alerts pop up every time our network is scanned by some rogue machine.

Are our networks, even those behind simple NAT devices, protected against 1433/1434 probes? Yes, even the default rules in appliances and the default method used in NAT routers don't let either port inbound. Oh, anyone using a port forward inbound for 1434 is a complete idiot; it's best done through a dedicated line or a VPN of some type. Directly exposing a Windows machine (even your firewall machine) to the Internet is a very stupid thing.

Maybe, before you post again, you should get a real appliance and learn about what they can do, what they offer, what features they have - I said it a couple ways since you don't seem to understand simple concepts.

Reply to
Leythos

Just some definitions to clear things up a bit. Generally speaking, a virus or trojan will attack a computer from within, not make attacks outward to other computers. Zombie networks or botnets (which are *created* using viruses and trojans) can probe your ports in the manner described. Client programs to trojans will probe the target port; I don't think there is a word for these clients, but they are not viruses or trojans themselves.

Port 1434 is home to SQL Server, like many have already stated. There are documented attack possibilities against SQL Server, the most trivial being to use the default password or run a dictionary attack to log on. Earlier Microsoft versions of SQL Server had serious security flaws which allowed access to the system files and the possibility to inject DLLs that would compromise a system once logged in. Knowing that sysadmins sometimes lag on update patches, these probes are an attempt to find vulnerable SQL servers and own the computer.

Take a look at this article; it describes the attack and has some tips on how to protect yourself. This is, of course, only relevant if you are running an SQL server in the first place.

Not true. Although not all hardware appliances have logging capabilities.

Reply to
speeder

Oh, well done, brave firewall. One might ask if port 1434 is open on your systems behind the firewall, but I'd imagine that's another computer task that is beyond your skill set.

What's the matter - is your access to google also broken due to your inept firewall setup? We already know that you lack all knowledge of networking fundamentals, as you constantly demonstrate.

No, No, No! It's supposed to block all network traffic when that happens. That gives you time to get to another computer system, log into an ISP using a different connection (because you have stopped the regular setup) and post a wailing cry on Usenet asking "What do I do now???"

Charles, you have no idea what a hardware appliance can or can not do, so quit making intentionally false statements. Logging is easy to set up (though obviously beyond your ken). However, most production setups don't bother to scream every time a gnat farts within fifty miles. Did your childhood reading not include Grimm's Fairy Tales, specifically the one about the boy who cried 'wolf' too often? Your firewall apparently blocked the connection attempts; get on with your life, if you have one.

Old guy

Reply to
Moe Trin

On Wed, 29 Jun 2005 00:25:43 -0700, Charles Newman spoketh

I see that the clue fairy hasn't come around to Charlie's house while I've been gone.

My hardware firewall (even the cheapest one I've had) blocks all this by default without nagging me about it. It simply drops it and moves on with life. You, on the other hand, need to take an action every time something new comes around... Now who's the fool?

That's an SQL Server port, btw, and it's a very old exploit; it has been going on for years.

Lars M. Hansen


Reply to
Lars M. Hansen

Most likely a worm.

Oh, really? Here is a snippet of a hardware appliance log:

07-03-2005 08:07:31 Local7.Warning 192.168.102.1 2005 Jul 03 07:08:04 (FR114P-2c-f2-3a) 64.161.30.147 UDP packet - Source:61.172.240.137,32930 ,WAN - Destination:64.161.30.147,1027 ,LAN [Drop] - [Inbound Default rule match]

But why would you want an "instant notification" instead of a log entry?

Reply to
NormanM

Back when the SQL Slammer worm hit we were getting more than 680 hits a minute, the last thing I would have wanted is some lame a$$ personal firewall doing the blocking, the firewall appliance logs perfectly well enough.

Charles is just a noob that knows less than most noobs.

Reply to
Leythos
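NormanM's post above quotes one line from a syslog-forwarded appliance log, and Leythos's post mentions seeing more than 680 hits a minute during SQL Slammer. The point both make is that a dropped probe belongs in a log to be summarized later, not in a pop-up. Below is an added example (not code from either poster or from any appliance vendor) that parses lines in the quoted format, counts inbound drops per destination port, lists the sources hitting 1434, and reports the peak drops per minute so a threshold can decide when a review is actually warranted. The field names, the sample lines (built with RFC 5737 documentation addresses) and the `alert_threshold` default are all my own assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Regex for the appliance line format quoted in the thread (syslog receiver
# timestamp, then the device's own timestamp). Group names are assumptions.
LINE_RE = re.compile(
    r"^(?P<recv_date>\d{2}-\d{2}-\d{4}) (?P<recv_time>\d{2}:\d{2}:\d{2}) "
    r"(?P<facility>\S+) (?P<relay>\S+) "
    r"(?P<dev_ts>\d{4} \w{3} \d{2} \d{2}:\d{2}:\d{2}) "
    r"\((?P<device>[^)]+)\) (?P<wan_ip>\S+) "
    r"(?P<proto>TCP|UDP|ICMP) packet - "
    r"Source:(?P<src_ip>[\d.]+),(?P<src_port>\d+) ,(?P<src_zone>\w+) - "
    r"Destination:(?P<dst_ip>[\d.]+),(?P<dst_port>\d+) ,(?P<dst_zone>\w+) "
    r"\[(?P<action>\w+)\] - \[(?P<rule>[^\]]+)\]$"
)

# Constructed sample log (same layout as the quoted line, documentation IPs).
# Three UDP/1434 probes in one minute, one TCP/1433, one unrelated UDP/1027,
# and one malformed line that the parser must skip.
SAMPLE_LOG = """\
07-03-2005 08:07:31 Local7.Warning 192.168.102.1 2005 Jul 03 07:08:04 (FR114P-2c-f2-3a) 198.51.100.7 UDP packet - Source:203.0.113.5,32930 ,WAN - Destination:198.51.100.7,1434 ,LAN [Drop] - [Inbound Default rule match]
07-03-2005 08:07:40 Local7.Warning 192.168.102.1 2005 Jul 03 07:08:13 (FR114P-2c-f2-3a) 198.51.100.7 UDP packet - Source:203.0.113.5,32931 ,WAN - Destination:198.51.100.7,1434 ,LAN [Drop] - [Inbound Default rule match]
07-03-2005 08:07:55 Local7.Warning 192.168.102.1 2005 Jul 03 07:08:28 (FR114P-2c-f2-3a) 198.51.100.7 UDP packet - Source:203.0.113.9,1434 ,WAN - Destination:198.51.100.7,1434 ,LAN [Drop] - [Inbound Default rule match]
07-03-2005 08:08:02 Local7.Warning 192.168.102.1 2005 Jul 03 07:08:35 (FR114P-2c-f2-3a) 198.51.100.7 TCP packet - Source:203.0.113.9,4021 ,WAN - Destination:198.51.100.7,1433 ,LAN [Drop] - [Inbound Default rule match]
07-03-2005 08:08:10 Local7.Warning 192.168.102.1 2005 Jul 03 07:08:43 (FR114P-2c-f2-3a) 198.51.100.7 UDP packet - Source:203.0.113.22,53 ,WAN - Destination:198.51.100.7,1027 ,LAN [Drop] - [Inbound Default rule match]
this line is not in the expected format and is skipped
"""


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["src_port"] = int(rec["src_port"])
    rec["dst_port"] = int(rec["dst_port"])
    # The receiver clock and the device clock disagree in the quoted line
    # (08:07:31 vs 07:08:04); use the receiver's timestamp consistently.
    rec["received"] = datetime.strptime(
        rec["recv_date"] + " " + rec["recv_time"], "%m-%d-%Y %H:%M:%S"
    )
    return rec


def parse_log(text):
    """Parse every well-formed line, silently dropping the rest."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def inbound_drops(records):
    """Only packets the appliance dropped on the WAN side matter here."""
    return [r for r in records if r["action"] == "Drop" and r["src_zone"] == "WAN"]


def dropped_by_port(records):
    """Counter keyed by (protocol, destination port) over inbound drops."""
    return Counter((r["proto"], r["dst_port"]) for r in inbound_drops(records))


def sources_for_port(records, port):
    """Which source addresses were dropped while probing the given port."""
    return Counter(r["src_ip"] for r in inbound_drops(records) if r["dst_port"] == port)


def peak_drops_per_minute(records, port):
    """Highest number of drops for the port in any single receiver minute."""
    per_min = Counter(
        r["received"].replace(second=0)
        for r in inbound_drops(records) if r["dst_port"] == port
    )
    return max(per_min.values(), default=0)


def summarize(text, port=1434, alert_threshold=100):
    """Digest a log chunk; 'alert' is True only if the per-minute peak is high."""
    recs = parse_log(text)
    peak = peak_drops_per_minute(recs, port)
    return {
        "parsed": len(recs),
        "by_port": dropped_by_port(recs),
        "sources": sources_for_port(recs, port),
        "peak_per_minute": peak,
        "alert": peak >= alert_threshold,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The threshold is the design point: every probe is recorded, but a human is only paged when the per-minute rate for the port crosses a level you choose, which is the log-then-summarize approach the appliance users in this thread describe rather than a prompt on each packet.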
