Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: [SPAM] Re: [SPAM] Re: [Full-Disclosure] Spybot and SQL

From: Jacek Barcikowski (m.escowp.pl)
Date: Fri Feb 11 2005 - 16:04:17 CST

Matthew Farrenkopf wrote:
> Jacek,
>>>(The MSDE engine was installed on two machines for an application
> we
>>>use, and the engine is used only locally by the application. The
>>>thought never crossed my mind that the engine was misconfigured
> with a
>>>blank sa password, but on analysis it looks like that's how the
>>>application communicates with the database. There's no option to
> add a
>>>password in the application, so I blocked port 1433 to the outside
>>>world. Problem solved until we can talk to the vendor.)
>>Before the installation you can set up a setup.ini file with
>>DISABLENETWORKPROTOCOLS=1 configuration option in it. MSDE will not
>>listen to any port, therefore cannot be accessed from the net.
>>Best reagards,
> Regrettably, this is an automated installation system. It's not like I
> was able to install MSDE first myself, then install the application. It
> was all done at once.
> Is there any way to disable it after installation? (I haven't had a
> chance to RTFineM, but will go do that as well.) Right now, I'm
> protecting ports with IPSec rules.

You can run svrnetcn.exe from command line and then disable TCP/IP from
enabled protocols list.

Here is also a great article about MSDE configuration:


Best regards,
Jacek Barcikowski

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html