Michael Peppler
Sybase Consulting
Sybase on Linux
Install Guide for Sybase on Linux
General Sybase Resources
General Perl Resources
BCP Tool
Bug Tracker
Mailing List Archive
Downloads Directory
Sybase on Linux FAQ
Sybperl FAQ
Michael Peppler's resume

sybperl-l Archive

Up    Prev    Next    

From: Michael Peppler <mpeppler at MBAY dot NET>
Subject: Re: Indirect security question / off topic...
Date: Oct 16 1997 6:31PM

Tim Holt wrote:
> This may be (well, is) off topic, but in some respects seemed to be a good
> group to try...
> I've noticed that I can telnet to the port number of my Sybase server, but
> get no real responce from it.  Does anyone have an analysis of the security
> risk to this?  What could you do to someone elses machine if you knew this
> "hole" existed?  We would like to utilize a Sybase connection on our web
> site, which is external to our firewall.

Interesting question. Sybase uses a protocol (TDS) to communicate
between the client and the server, and I'm pretty sure that this is a
binary protocol. The SQL that is sent is probably sent in clear text
but I don't know if it would be possible to emulate the protocol
with a telnet session (of course you still have to log on to
get a valid session where the SQL can be accepted).

> Also, kind of off/side topic:  Is anyone using the encrypted "tunneling"
> capabilities of ssh ( for thru-firewall
> Sybase connectivity?

I haven't used it for that. I use ssh to connect to the site where I
work (from home) and use X over the connection, and that works

Michael Peppler       -||-  Data Migrations Inc.  -||-