none
Length specified in network packet payload did not match number of bytes read; the connection has been closed.

    Question


  •  Hello every one
    I am getting this in my event log from time to time . not sure what is that ?
    Is this a hacker trying to send rubbish data to SQL through the port ?
    Any help is appreciated .

    Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: someip]
    dimanche 9 mars 2008 13:34

Réponses

  • Again, I suggest you run network monitor to see who/what is hitting your server on the specified port. Perhaps, this is some internal inventory software that is scanning the network.  Changing tcp port does not solve the problem here.

     

     

     

    mardi 11 mars 2008 22:02
    Modérateur

Toutes les réponses

  •  

    Look like an intrusion. I suggest you take a look at sql log to track down the connection. Netmon is helpful here too.

     

     

    lundi 10 mars 2008 05:38
    Modérateur
  •  

    If someone is trying to telnet to 1433 for monitoring or probing, you will get this error.
    lundi 10 mars 2008 17:11
  • Thank you all for the reply  , 

    my server is on port  1533 . Port  1433  is closed  on my server .
     
    All the requests are coming from my own ip , i feel this is funny . 
    Is my server hacked then ? 
    Or could be my ISP doing any routine tests ? 
    Also is this is hack attempt , what does this hacker think he will benefit from this ? Could this bring the SQL  server down  ?  
    I was thinking about chaning port to something else ,  1344 or something , u think this can be better  ?



    lundi 10 mars 2008 17:33
  • Again, I suggest you run network monitor to see who/what is hitting your server on the specified port. Perhaps, this is some internal inventory software that is scanning the network.  Changing tcp port does not solve the problem here.

     

     

     

    mardi 11 mars 2008 22:02
    Modérateur
  • this was it . I was using Languard  intrusion  detection system , it does a complete scan every 6 hours , and when i looked on those events they occur every 6 hours . 
    Nothing scary  Smile
    mercredi 12 mars 2008 14:17
  • Is there a way to prevent these "false alert" generated by a vulnerability tool?

    We already know the IP addresses used by that tool.

    Thanks


    Guy from Montreal

    vendredi 9 mai 2014 17:45