SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Change the port number for connections to SQL Server


Change the port number for connections to SQL Server

Author
Message
SQLDCH
SQLDCH
Hall of Fame
Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)

Group: General Forum Members
Points: 3427 Visits: 3401
Comments posted to this topic are about the item Change the port number for connections to SQL Server

----------------------------------------------------------------------------
Sacramento SQL Server users group - http://sac.sqlpass.org
Follow me on Twitter - @SQLDCH
----------------------------------------------------------------------------

Yeah, well...The Dude abides.
okbangas
okbangas
SSCrazy
SSCrazy (2.6K reputation)SSCrazy (2.6K reputation)SSCrazy (2.6K reputation)SSCrazy (2.6K reputation)SSCrazy (2.6K reputation)SSCrazy (2.6K reputation)SSCrazy (2.6K reputation)SSCrazy (2.6K reputation)

Group: General Forum Members
Points: 2621 Visits: 1387
Hi, just a little feedback. Under conclusion, you write:
If the SQL Server Browser service is not running, connection strings will have to specify the port number in order to connect.

As I understand it, this is partially correct. You do not have to specify port number if the server is listening on port 1433, as it does on default instances by default. Apart from this, it is correct, whether you have specified port numbers manually or not.



Ole Kristian Velstadbråten Bangås - Virinco - Facebook - Twitter

Concatenating Row Values in Transact-SQL
Kelsey Thornton
Kelsey Thornton
SSC Eights!
SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)

Group: General Forum Members
Points: 881 Visits: 282
Very well explained but missing one useful point:

"Why would you want to change the port number in the first place?"

Kelsey Thornton
MBCS CITP
heymiky
heymiky
UDP Broadcaster
UDP Broadcaster (1.5K reputation)UDP Broadcaster (1.5K reputation)UDP Broadcaster (1.5K reputation)UDP Broadcaster (1.5K reputation)UDP Broadcaster (1.5K reputation)UDP Broadcaster (1.5K reputation)UDP Broadcaster (1.5K reputation)UDP Broadcaster (1.5K reputation)

Group: General Forum Members
Points: 1459 Visits: 845
One reason to change the port number is if your named instance needs to use kerberos delegation there's many others when you'd need to do it. My personal preference is to set all named instances using static ports I also tend to use port numbers starting from 14330 upwards for all other instances on the server...
John Mitchell-245523
John Mitchell-245523
SSC-Dedicated
SSC-Dedicated (34K reputation)SSC-Dedicated (34K reputation)SSC-Dedicated (34K reputation)SSC-Dedicated (34K reputation)SSC-Dedicated (34K reputation)SSC-Dedicated (34K reputation)SSC-Dedicated (34K reputation)SSC-Dedicated (34K reputation)

Group: General Forum Members
Points: 34516 Visits: 16651
Kelsey Thornton (3/1/2012)
Very well explained but missing one useful point:

"Why would you want to change the port number in the first place?"


(1) Security, to prevent attacks on the default port. Read about the SQL Slammer virus that hit nine years ago.

(2) You may have more than one instance on the same computer. They can't all listen on the same port.

John
Kelsey Thornton
Kelsey Thornton
SSC Eights!
SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)

Group: General Forum Members
Points: 881 Visits: 282
I don't dispute there are many reasons why this might be desirable, or even required.

My point was simply that a little background information into why the port number was being changed might not be out of place in the article.

It's a bit like giving driving directions to #1544 Tree Road, Smalltown, WI and not saying "come to my party at 8 o'clock tonight"

Kelsey Thornton
MBCS CITP
John Mitchell-245523
John Mitchell-245523
SSC-Dedicated
SSC-Dedicated (34K reputation)SSC-Dedicated (34K reputation)SSC-Dedicated (34K reputation)SSC-Dedicated (34K reputation)SSC-Dedicated (34K reputation)SSC-Dedicated (34K reputation)SSC-Dedicated (34K reputation)SSC-Dedicated (34K reputation)

Group: General Forum Members
Points: 34516 Visits: 16651
Kelsey Thornton (3/1/2012)
I don't dispute there are many reasons why this might be desirable, or even required.

My point was simply that a little background information into why the port number was being changed might not be out of place in the article.

It's a bit like giving driving directions to #1544 Tree Road, Smalltown, WI and not saying "come to my party at 8 o'clock tonight"

I see what you're getting at now, Kelsey. Anyway, see you at the party tonight! Is WI Wisconsin?

John
Kelsey Thornton
Kelsey Thornton
SSC Eights!
SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)SSC Eights! (881 reputation)

Group: General Forum Members
Points: 881 Visits: 282
John Mitchell-245523 (3/1/2012)
I see what you're getting at now, Kelsey. Anyway, see you at the party tonight! Is WI Wisconsin?

John


Probably - I just used two letters I thought were probably a US state (so the US readers would feel at home)

:-D

Kelsey Thornton
MBCS CITP
okbangas
okbangas
SSCrazy
SSCrazy (2.6K reputation)SSCrazy (2.6K reputation)SSCrazy (2.6K reputation)SSCrazy (2.6K reputation)SSCrazy (2.6K reputation)SSCrazy (2.6K reputation)SSCrazy (2.6K reputation)SSCrazy (2.6K reputation)

Group: General Forum Members
Points: 2621 Visits: 1387
John Mitchell-245523 (3/1/2012)
Security, to prevent attacks on the default port. Read about the SQL Slammer virus that hit nine years ago.

I tend to disagree. Yes slammer hit 1433, but in my humble opinion you do not change port numbers due to security issues. If you do read about slammer, the patch for the slammer security issue was released more than six months earlier. Slammer did much damage to to unpatched systems, not due to default port numbers.

There are still valid reasons for specifying port numbers. The two most common cases I've seen is routing access through a firewall (were all ports are closed by default), and access to named instances from clients who don't understand instances (by using IP and port number).



Ole Kristian Velstadbråten Bangås - Virinco - Facebook - Twitter

Concatenating Row Values in Transact-SQL
John Mitchell-245523
John Mitchell-245523
SSC-Dedicated
SSC-Dedicated (34K reputation)SSC-Dedicated (34K reputation)SSC-Dedicated (34K reputation)SSC-Dedicated (34K reputation)SSC-Dedicated (34K reputation)SSC-Dedicated (34K reputation)SSC-Dedicated (34K reputation)SSC-Dedicated (34K reputation)

Group: General Forum Members
Points: 34516 Visits: 16651
okbangas (3/1/2012)
I tend to disagree. Yes slammer hit 1433, but in my humble opinion you do not change port numbers due to security issues. If you do read about slammer, the patch for the slammer security issue was released more than six months earlier. Slammer did much damage to to unpatched systems, not due to default port numbers.

There are still valid reasons for specifying port numbers. The two most common cases I've seen is routing access through a firewall (were all ports are closed by default), and access to named instances from clients who don't understand instances (by using IP and port number).

It's true that there was already a patch for Slammer, but some people prefer to add that extra layer of security as well. What would have happened if another worm that there was no patch for had come along exploiting 1433? I know that not everybody believes in security by obscurity (changing names and numbers away from default or descriptive values in order to mask their purpose), but it's a genuine school of thought.

I happen to think that changing ports for security reasons is a good idea, but of course I understand that not everybody has the same point of view. I only pointed out that this is a reason why one might wish to change the port.

Thanks for also pointing out those other reasons.

John
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search