UDP 1434

Protocol: UDP
Port: 1434
Labels: Microsoft SQL Server database management system (MSSQL) monitor

Synopsis

  • UDP port 1434 is used by Microsoft SQL Server for the SQL Server Resolution Protocol (SSRP).
  • The SQL Server Browser service (SQL Server 2005+), and the older SQL Server 2000/MSDE listener, listen on UDP 1434 to map named instances to their TCP ports.
  • Real-world example: a client connecting to "SQLSERVER01\FINANCE" sends a UDP query to port 1434 to learn the dynamic TCP port for that named instance before establishing the TCP connection.
  • SQL Server Express editions also use UDP 1434 for instance discovery when named instances are involved.
  • Exploitation history: the SQL Slammer (Sapphire) worm in 2003 exploited a buffer overflow in the SQL Server 2000 Resolution Service on UDP 1434, causing massive denial-of-service and rapid propagation.
  • Because of this, many environments block UDP 1434 at the perimeter or disable SQL Server Browser and use fixed ports instead.
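
The lookup described above, as an added example (not code from this page or from Microsoft): it builds the single-instance request and parses the reply with strict length checks. The message constants and size limits are taken from Microsoft's published SSRP specification (MC-SQLR); the sample reply, including its version string and port, is constructed.

```python
import struct

CLNT_UCAST_INST = 0x04   # client request for one named instance (MC-SQLR)
SVR_RESP = 0x05          # first byte of the server's reply (MC-SQLR)
MAX_INSTANCE_LEN = 32    # instance name limit in bytes, excluding the NUL
MAX_RESP_DATA = 1024     # reply payload limit for a single-instance request

def build_request(instance: str) -> bytes:
    """Request a client sends to UDP 1434 before opening the TCP connection."""
    name = instance.encode("ascii")
    if not name or len(name) > MAX_INSTANCE_LEN or b"\x00" in name:
        raise ValueError("instance name must be 1..32 bytes without NUL")
    return bytes([CLNT_UCAST_INST]) + name + b"\x00"

def parse_response(datagram: bytes) -> dict:
    """Split an SVR_RESP datagram into its key/value fields."""
    if len(datagram) < 3 or datagram[0] != SVR_RESP:
        raise ValueError("not an SVR_RESP datagram")
    (size,) = struct.unpack_from("<H", datagram, 1)   # little-endian length
    data = datagram[3:]
    # Strict choice for this example: declared and actual length must agree.
    if size != len(data) or size > MAX_RESP_DATA:
        raise ValueError("declared length does not match payload")
    tokens = data.decode("ascii").rstrip(";").split(";")
    if len(tokens) % 2:
        raise ValueError("unpaired key in response")
    return dict(zip(tokens[0::2], tokens[1::2]))

def tcp_port(datagram: bytes, instance: str) -> int:
    """Return the TCP port advertised for the instance that was asked about."""
    fields = parse_response(datagram)
    if fields.get("InstanceName", "").lower() != instance.lower():
        raise ValueError("response is for a different instance")
    port = int(fields.get("tcp", ""))   # ValueError if tcp is not offered
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    return port

# Constructed sample reply for SQLSERVER01\FINANCE (values are illustrative).
SAMPLE_DATA = (b"ServerName;SQLSERVER01;InstanceName;FINANCE;"
               b"IsClustered;No;Version;10.0.1600.22;tcp;49172;;")
SAMPLE = bytes([SVR_RESP]) + struct.pack("<H", len(SAMPLE_DATA)) + SAMPLE_DATA

if __name__ == "__main__":
    print(build_request("FINANCE").hex())
    print(tcp_port(SAMPLE, "FINANCE"))
```

Pinning the instance to a fixed TCP port and putting that port in the connection string removes the need for this exchange, which is what allows UDP 1434 to be blocked.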
