 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
SQL Server Forum / DB Engine / SQL Server / March 2008pingsql utility
Anybody have experience w/ this freebie? I have been asked to ferret out any unknown SQL2000 instances across the subnets our group is responsible for, since maintainance EOL has been reached. Found this tool which might be a useable approach but I do have some concerns. Their document suggests that something beyond a simple port scan is used. I am concerned that running this tool might trip the trigger of our highly vigilant security team. I also wonder what the program does in a firewalled environment where 1433 is tightly locked. If it can't handle those, it just may not be worth it. The OSQL -L option misses too much, but are there any others tool you might have used?  SignatureGraham (Pete) Berry PeteBerry@Caltech.edu No tool will find everything, fwiw. > Anybody have experience w/ this freebie? I have been asked to ferret out > any unknown SQL2000 instances across the subnets our group is [quoted text clipped - 8 lines] > The OSQL -L option misses too much, but are there any others tool you > might have used? Hi Pete The best thing I know is SQLPing or SQLRecon, but as Aaron says some instances may not be detectable. If your security team were that one the ball, they should know what SQL instances you have!! John > Anybody have experience w/ this freebie? I have been asked to ferret out > any unknown SQL2000 instances across the subnets our group is [quoted text clipped - 8 lines] > The OSQL -L option misses too much, but are there any others tool you > might have used? Hi Pete The best thing I know is SQLPing or SQLRecon, but as Aaron says some instances may not be detectable. If your security team were that one the ball, they should know what SQL instances you have!! John > Anybody have experience w/ this freebie? I have been asked to ferret out > any unknown SQL2000 instances across the subnets our group is [quoted text clipped - 8 lines] > The OSQL -L option misses too much, but are there any others tool you > might have used? Hi Pete The best thing I know is SQLPing or SQLRecon, but as Aaron says some instances may not be detectable. It also checks for blank sa passwords and tries to find version numbers. If your security team were that one the ball, they should know what SQL instances you have!! John > Anybody have experience w/ this freebie? I have been asked to ferret out > any unknown SQL2000 instances across the subnets our group is [quoted text clipped - 8 lines] > The OSQL -L option misses too much, but are there any others tool you > might have used? If you are only concerned with a subnet, you should be able to reliably find all the SQL instance using the following steps: 1. Enumerate all the servers on the subnet. You can use a Windows API for this, or you probably already know what servers are already on the subnet. Alternatively, you can even ause a brute force method to go over all the IP addresses on the subnet. 2. For each server, check if there are SQL instances installed and/or running by looking at its registry. Since SQL Server instances have known registry entries, you shouldn't miss any. Linchi > Anybody have experience w/ this freebie? I have been asked to ferret out > any unknown SQL2000 instances across the subnets our group is [quoted text clipped - 8 lines] > The OSQL -L option misses too much, but are there any others tool you > might have used? |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2009 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.