
I am looking at a particular Azure SQL Database that has Server level firewall rules. I am told there are no database level firewall rules. Nmap reported open ports on the database even though the IP address I ran it from was not allowed according to the firewall rules. Furthermore, I scanned the same IP with OpenVAS and it reported back the version of MS SQL that was running. I examined the Server level firewall rules list for bad entries, and it only has single entries (no ranges), and from & to IP addresses match. What could be wrong?

Here are the nmap results:

nmap xxxxxxxx.database.windows.net
PORT STATE SERVICE
443/tcp open https
1433/tcp open ms-sql-s
1434/tcp open ms-sql-m
1443/tcp open ies-lm
3306/tcp open mysql
4343/tcp open unicall
5002/tcp open rfe
5432/tcp open postgresql
7443/tcp open oracleas-https
16000/tcp open fmsas
16001/tcp open fmsascon
16012/tcp open unknown
16016/tcp open unknown
16018/tcp open unknown
M6rk
  • Your results might be from the Azure firewall and not your node. Make a change on the server and see if the change is reflected in the scan. – schroeder Mar 03 '20 at 21:52
  • @schroeder - if it was the firewall alone, how would OpenVAS detect it was MS SQL 2014? What sort of change are you proposing I make? – M6rk Mar 03 '20 at 22:10
  • Do you see your connection attempt in the diagnostic logs? Might reveal which firewall rule accepts your connection – Jarnstrom Mar 04 '20 at 06:52
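Added example, not code from the question or the comments: a script that performs the review the asker describes (going through the server-level rule list) against a scanning IP, reporting which rules would admit that IP and flagging entries that look like single hosts but are not. The JSON is a constructed sample in the shape of `az sql server firewall-rule list` output (the `startIpAddress`/`endIpAddress` keys are the CLI's; the rule names and addresses are made up here).

```python
import ipaddress
import json

# Constructed sample modelled on `az sql server firewall-rule list` output.
# The rule names and addresses are invented for this example.
SAMPLE_RULES_JSON = """
[
  {"name": "AllowAllWindowsAzureIps", "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
  {"name": "office", "startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.10"},
  {"name": "vpn", "startIpAddress": "198.51.100.0", "endIpAddress": "198.51.100.255"}
]
"""


def load_rules(raw_json):
    """Parse the CLI JSON into (name, start, end) tuples of ip_address objects."""
    rules = []
    for r in json.loads(raw_json):
        start = ipaddress.ip_address(r["startIpAddress"])
        end = ipaddress.ip_address(r["endIpAddress"])
        rules.append((r["name"], start, end))
    return rules


def matching_rules(rules, client_ip):
    """Names of every rule whose inclusive start..end range contains client_ip."""
    ip = ipaddress.ip_address(client_ip)
    return [name for name, start, end in rules if start <= ip <= end]


def audit_rules(rules, max_range=16):
    """Flag entries that are not a plain single-host allow list entry."""
    findings = []
    zero = ipaddress.ip_address("0.0.0.0")
    for name, start, end in rules:
        if start == end == zero:
            # from == to, so it passes a "single entries only" eyeball check, but
            # 0.0.0.0-0.0.0.0 is Azure's "Allow Azure services" switch, not a host.
            findings.append(f"{name}: 0.0.0.0-0.0.0.0 is the Allow Azure services rule")
        elif end < start:
            findings.append(f"{name}: end address precedes start address")
        elif int(end) - int(start) + 1 > max_range:
            findings.append(f"{name}: range spans {int(end) - int(start) + 1} addresses")
    return findings


if __name__ == "__main__":
    rules = load_rules(SAMPLE_RULES_JSON)
    print("rules admitting 192.0.2.7:", matching_rules(rules, "192.0.2.7"))
    for line in audit_rules(rules):
        print("finding:", line)
```

Feed it the real rule list (e.g. redirect the CLI output to a file) and the scanner's public IP; an empty match list with a port still answering points away from the rule entries themselves.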

0 Answers