
Port 1433 (MSSQL)

Learn about port 1433 (MSSQL) - security risks, vulnerabilities, and common uses. Find devices with port 1433 open.

Quick Info

Port Number: 1433
Protocol: TCP
Service: MSSQL (Microsoft SQL Server Database Engine, default instance)
IANA Name: ms-sql-s

Service Description

TCP port 1433 is the default listening port of the Microsoft SQL Server (MSSQL) Database Engine, the core service that stores, processes and secures data in Microsoft's relational database management system (RDBMS). Strictly, 1433 is the default only for the default instance: a named instance is assigned a dynamic TCP port at startup unless an administrator pins one, and clients resolve it through the SQL Server Browser service, so a closed port 1433 does not mean no SQL Server is reachable on the host. The wire protocol is Tabular Data Stream (TDS), an application-layer protocol originally designed by Sybase and now published by Microsoft as the MS-TDS specification. TDS carries everything between client and server: the encryption negotiation, authentication, T-SQL batches and stored-procedure (RPC) requests, result sets, errors and transaction control. A client connects to the instance on port 1433, authenticates with SQL Server Authentication (a login and password held by the instance) or Windows Authentication (Kerberos or NTLM via SSPI), and then sends queries; the server executes them and streams the results back over the same TDS connection. The port serves both local and remote connections.

At the wire level, a session begins with a PRELOGIN exchange. The client sends a PRELOGIN packet listing its TDS version, its encryption preference (ENCRYPT_OFF, ENCRYPT_ON, ENCRYPT_NOT_SUP or ENCRYPT_REQ), the instance name it wants and whether it supports MARS (multiple active result sets); the server answers with its own version and encryption setting. If TLS is negotiated, the TLS handshake is carried inside TDS packets, after which the client sends a LOGIN7 packet with its credentials (a SQL login and password, or an SSPI token for Windows Authentication) and the server replies with a LOGINACK token. One detail matters for anyone relying on "SQL Server encrypts connections": when the server's Force Encryption option is off and the client has not asked for encryption, TLS is used for the LOGIN7 packet only, so the password is protected but every subsequent query and result set crosses the network in the clear. Requiring encryption on the server (or Encrypt=True on the client, the default in recent Microsoft client libraries) covers the whole session; SQL Server 2022 additionally offers TDS 8.0, in which TLS is established before any TDS traffic, PRELOGIN included. Once logged in, the client sends SQL batches and RPC requests, and the server's response is a stream of typed tokens (column metadata, rows, DONE, ERROR and environment-change tokens), which is how TDS supports multiple result sets, error reporting and transaction management on a single connection. The SQL Server Browser service answers on UDP port 1434 so that clients can map a named instance to its port, but data exchange takes place over TCP port 1433 (or whichever port the instance listens on).

Firewall Recommendations

Block port 1433 at the perimeter unless the instance genuinely has to be reached from the internet or an untrusted network; a database server should normally be reachable only from its application tier. Block UDP 1434 (SQL Server Browser) and any dynamic port used by a named instance in the same rule set, otherwise the restriction on 1433 is cosmetic. Where remote access is required, restrict it to specific source addresses or networks, or put it behind a VPN, and configure SQL Server to listen only on the interfaces that need it (SQL Server Configuration Manager, Protocols for the instance, TCP/IP properties). Review and prune firewall rules regularly. Alongside the firewall: enforce strong passwords and lockout for SQL logins, prefer Windows Authentication, disable or rename the sa login, turn on Force Encryption with a certificate the clients can validate (connection strings should not set TrustServerCertificate=true), keep the instance patched, and grant logins the least privilege their application needs rather than sysadmin. A web application firewall can reduce SQL injection reaching the database through a web application, but it protects the application tier, not port 1433 itself. Monitor connection attempts and failed logins against the instance for brute force and credential stuffing.
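The PRELOGIN exchange described above is also the cheapest way to verify the encryption recommendation from the outside, because the server states its encryption setting before any login. The following is an added example, not code from the page or from Microsoft: it builds a client PRELOGIN packet, parses the server's reply with bounds checks (the offsets come from the peer), and reports whether the negotiated outcome is full TLS, login-packet-only TLS, plaintext, or a refused connection. The version and thread-id values are illustrative, and SAMPLE_SERVER_REPLY is a constructed reply standing in for a default-configured server (Force Encryption off); only the probe() function talks to a real host.

```python
import socket
import struct

# TDS packet types and header layout (MS-TDS 2.2.3.1); Length is big-endian and includes the header
TDS_PRELOGIN = 0x12         # client -> server
TDS_TABULAR_RESULT = 0x04   # server -> client; also carries the PRELOGIN reply
STATUS_EOM = 0x01           # this packet completes the message
HEADER_LEN = 8

# PRELOGIN option tokens and ENCRYPTION values (MS-TDS 2.2.6.5)
OPT_VERSION, OPT_ENCRYPTION, OPT_INSTOPT, OPT_THREADID, OPT_MARS = 0x00, 0x01, 0x02, 0x03, 0x04
OPT_TERMINATOR = 0xFF
ENCRYPT_OFF, ENCRYPT_ON, ENCRYPT_NOT_SUP, ENCRYPT_REQ = 0x00, 0x01, 0x02, 0x03
ENCRYPT_NAMES = {0: "ENCRYPT_OFF", 1: "ENCRYPT_ON", 2: "ENCRYPT_NOT_SUP", 3: "ENCRYPT_REQ"}


def tds_packet(ptype, payload, spid=0, packet_id=1):
    """Prefix payload with the 8-byte TDS header: type, status, length, SPID, packet id, window."""
    return struct.pack(">BBHHBB", ptype, STATUS_EOM, HEADER_LEN + len(payload), spid, packet_id, 0) + payload


def split_tds_packet(raw):
    """Validate the header and return (type, payload); rejects truncated or inconsistent frames."""
    if len(raw) < HEADER_LEN:
        raise ValueError("short TDS header")
    ptype, _status, length, _spid, _pid, _window = struct.unpack(">BBHHBB", raw[:HEADER_LEN])
    if length < HEADER_LEN or length > len(raw):
        raise ValueError("TDS length field does not fit the received bytes")
    return ptype, raw[HEADER_LEN:length]


def encode_prelogin(options):
    """PRELOGIN body: a table of (token, offset, length) entries, a 0xFF terminator, then the data."""
    table_len = 5 * len(options) + 1          # offsets are relative to the start of the body
    table, data = b"", b""
    for token, value in options:
        table += struct.pack(">BHH", token, table_len + len(data), len(value))
        data += value
    return table + bytes([OPT_TERMINATOR]) + data


def decode_prelogin(payload):
    """Inverse of encode_prelogin; every offset/length is checked because the peer supplies them."""
    options, pos = {}, 0
    while True:
        if pos >= len(payload):
            raise ValueError("PRELOGIN option table has no terminator")
        if payload[pos] == OPT_TERMINATOR:
            return options
        if pos + 5 > len(payload):
            raise ValueError("truncated PRELOGIN option entry")
        token, offset, length = struct.unpack(">BHH", payload[pos:pos + 5])
        if offset + length > len(payload):
            raise ValueError("PRELOGIN option %#x points outside the payload" % token)
        options[token] = payload[offset:offset + length]
        pos += 5


def build_client_prelogin(encryption=ENCRYPT_REQ, instance=b"MSSQLSERVER", mars=False):
    """First client message of a TDS session (version and thread id are illustrative values)."""
    return tds_packet(TDS_PRELOGIN, encode_prelogin([
        (OPT_VERSION, struct.pack(">BBHH", 12, 0, 2000, 0)),   # major, minor, build, sub-build
        (OPT_ENCRYPTION, bytes([encryption])),
        (OPT_INSTOPT, instance + b"\x00"),                      # null-terminated instance name
        (OPT_THREADID, struct.pack(">I", 0x1234)),
        (OPT_MARS, bytes([1 if mars else 0])),
    ]))


def encryption_outcome(client, server):
    """Result of the ENCRYPTION exchange for the security-relevant cells of the MS-TDS table."""
    if server == ENCRYPT_NOT_SUP:
        return "abort" if client in (ENCRYPT_ON, ENCRYPT_REQ) else "plaintext"
    if server == ENCRYPT_REQ and client == ENCRYPT_NOT_SUP:
        return "abort"
    if client == ENCRYPT_OFF and server == ENCRYPT_OFF:
        return "login-only"   # default posture: TLS wraps LOGIN7 only, queries travel in the clear
    return "full"


def assess_server_prelogin(raw_reply, client_encryption=ENCRYPT_REQ):
    """Decode the server's PRELOGIN reply and summarise its version and encryption posture."""
    ptype, payload = split_tds_packet(raw_reply)
    if ptype != TDS_TABULAR_RESULT:
        raise ValueError("unexpected packet type %#x for a PRELOGIN reply" % ptype)
    opts = decode_prelogin(payload)
    server_enc = opts[OPT_ENCRYPTION][0]
    major, minor, build, _sub = struct.unpack(">BBHH", opts[OPT_VERSION])
    return {"version": "%d.%d.%d" % (major, minor, build),
            "server_encryption": ENCRYPT_NAMES[server_enc],
            "outcome": encryption_outcome(client_encryption, server_enc)}


def probe(host, port=1433, client_encryption=ENCRYPT_OFF, timeout=5.0):
    """Live check against a real instance (not exercised offline): one PRELOGIN round trip."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_prelogin(encryption=client_encryption))
        return assess_server_prelogin(sock.recv(4096), client_encryption)


# Constructed reply, not a capture: what a default-configured server (Force Encryption = No) answers.
SAMPLE_SERVER_REPLY = tds_packet(TDS_TABULAR_RESULT, encode_prelogin([
    (OPT_VERSION, struct.pack(">BBHH", 16, 0, 4003, 0)),
    (OPT_ENCRYPTION, bytes([ENCRYPT_OFF])),
    (OPT_INSTOPT, b"\x00"),
    (OPT_THREADID, b""),
    (OPT_MARS, b"\x00"),
]))
```

Sending ENCRYPT_OFF in the probe is deliberate: it reveals what a lazily configured client would get, and a "login-only" outcome means the instance still needs Force Encryption turned on even though it presents a certificate. A server that answers ENCRYPT_REQ to that same probe is the state the recommendation above is asking for.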

Security Information

Port 1433 is a prime target because of what sits behind it: customer records, credentials and application data. An instance exposed to the internet is scanned continuously, and the most common intrusion is not an exploit but password guessing against SQL logins, above all the built-in sa account, using credential lists and stuffed passwords from other breaches. A login that holds sysadmin is effectively a foothold on the host: the attacker enables xp_cmdshell or loads an unsafe CLR assembly to run operating-system commands under the SQL Server service account, reads or alters data at will, and pivots through linked servers to other instances. Denial of service is possible by exhausting connections or worker threads, and unpatched instances are exposed to publicly known vulnerabilities in the Database Engine and its companion services. SQL injection belongs to the application tier rather than to the port, but it delivers an attacker to this same interface with the application's privileges, which is why those privileges should be minimal. Weak or default passwords, sa left enabled, over-privileged application logins and dynamic ports assumed to be "hidden" are the misconfigurations attackers exploit most often.
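Because brute force is the dominant attack against this port, the detection a practitioner wants is a count of failed logins per source address in a short window. SQL Server writes each failure to the error log as an "Error: 18456" line followed by a "Login failed for user ... [CLIENT: ip]" line. The following is an added example, not code from the page: it parses that second line, groups failures by client address, and raises an alert when the number of failures inside a sliding window reaches a threshold. The log lines in SAMPLE_ERRORLOG are constructed in the real errorlog format; the addresses and user names are invented.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the second line SQL Server writes for error 18456 (the "Error: 18456, Severity: 14, State: N."
# line that precedes it carries the state code and is not needed for counting).
LOGIN_FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{2}) Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\.(?: Reason: (?P<reason>.*?))? \[CLIENT: (?P<ip>[^\]]+)\]$"
)

# Constructed sample: one source cycling through several logins in two seconds, one legitimate typo.
SAMPLE_ERRORLOG = """\
2024-03-11 09:14:02.51 Logon       Error: 18456, Severity: 14, State: 8.
2024-03-11 09:14:02.51 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2024-03-11 09:14:03.02 Logon       Error: 18456, Severity: 14, State: 5.
2024-03-11 09:14:03.02 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.45]
2024-03-11 09:14:03.40 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2024-03-11 09:14:03.88 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2024-03-11 09:14:04.15 Logon       Login failed for user 'backup'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.45]
2024-03-11 09:14:04.61 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2024-03-11 09:20:11.07 Logon       Login failed for user 'CORP\\jsmith'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.8]
2024-03-11 09:21:00.00 spid52      Starting up database 'tempdb'.
"""


def parse_failures(lines):
    """Extract (timestamp, user, reason, client ip) from errorlog lines; other lines are ignored."""
    events = []
    for line in lines:
        m = LOGIN_FAILED.match(line.rstrip("\r\n"))
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S.%f"),
            "user": m.group("user"),
            "reason": m.group("reason") or "",
            "ip": m.group("ip"),
        })
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Alert per client ip whose failures within any `window` reach `threshold` (sliding window)."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        peak, start = 0, 0
        for end, ev in enumerate(evs):
            while ev["ts"] - evs[start]["ts"] > window:   # drop events that fell out of the window
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[ip] = {
                "peak": peak,                    # most failures seen inside one window
                "total": len(evs),
                "users": sorted({e["user"] for e in evs}),   # spraying shows up as many names
                "first": evs[0]["ts"],
                "last": evs[-1]["ts"],
            }
    return alerts


if __name__ == "__main__":
    for ip, a in detect_bruteforce(parse_failures(SAMPLE_ERRORLOG.splitlines())).items():
        print("%s: %d failures (peak %d in window), logins tried: %s" % (ip, a["total"], a["peak"], ", ".join(a["users"])))
```

Failed logins are only written to the errorlog when the instance's login auditing is set to log failed (or all) logins, which is the default; the "users" list is worth alerting on by itself, since a single source trying sa, admin and backup is spraying rather than mistyping. On a busy server, feed the same events to a per-login counter as well, so that a slow distributed attack against sa from many addresses is not missed by the per-ip view.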

Known Vulnerabilities

| CVE | Name | Severity | Description |
| --- | --- | --- | --- |
| CVE-2012-0158 | Windows Common Controls (MSCOMCTL.OCX) Remote Code Execution | Critical | Memory corruption in the MSCOMCTL ActiveX control, fixed in MS12-027 and widely exploited through crafted Office and RTF documents. SQL Server 2000, 2005 and 2008 shipped the control and were patched, but the flaw is in the control, not in the Database Engine, and is not reachable through TDS on port 1433. |
| CVE-2021-1636 | Microsoft SQL Elevation of Privilege Vulnerability | High | Affects SQL Server 2012 through 2019. An authenticated attacker who can connect to the instance could elevate privileges on it. |

CVE-2017-8529, CVE-2022-41073 and CVE-2023-36036 are sometimes listed against this port but do not concern SQL Server: they are, respectively, an Internet Explorer and Edge information disclosure, a Windows Print Spooler elevation of privilege, and a Windows Cloud Files Mini Filter Driver elevation of privilege. Treat the table as illustrative rather than complete, and rely on the Microsoft Security Update Guide for the current list for your SQL Server version.

Malware Associations

  • SQLRat (FIN7 loader that executes SQL scripts on the victim)
  • Gh0st RAT (deployed on SQL Servers compromised through weak or brute-forced credentials)
  • Various botnets and cryptominers that recruit compromised SQL Servers for spamming, DDoS or mining

Common Software

  • Microsoft SQL Server
  • SQL Server Management Studio (SSMS)
  • SQLCMD
  • Azure Data Studio
  • Visual Studio (with SQL Server Data Tools)
  • Third-party database management tools that support TDS
