2

My network team recently deployed Nexpose's Rapid 7. Unfortunately, every time they scan a SQL Server I typically see one of two severity 20 alerts being generated. This in turn causes SQL Server to SMS the on-call phone. I received hundreds of alerts last weekend.

I've googled every combination of nexpose, rapid 7, sql server, alerts, configuration settings, etc. I can think of to try to help the network team help me by not generating the errors, but can't find anything.

Has anyone else experienced this and, if so, were you able to resolve it?

The sev. 20 errors are:

Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library.

The login packet used to open the connection is structurally invalid; the connection has been closed. Please contact the vendor of the client library.

GrandMasterFlush
  • 6,269
  • 19
  • 81
  • 104
James Carroll
  • 31
  • 2

1 Answers1

1

We had a similar problem to this, it was happening when a web server was trying to connect to a MS SQL Server through the filewall. Instead of using the usual TCP/IP SQL Server connection that would run over port 1433 the web server was set to connect using Named Pipes, which use an SMB connection over port 445.

To get round it, we had the choice of allowing connections over port 445 or moving the connection to use port 1433.

This question has some useful information about the differences between these two types of connection.

Community
  • 1
  • 1
GrandMasterFlush
  • 6,269
  • 19
  • 81
  • 104