PEPPLER.ORG
Michael Peppler
Sybase Consulting

sybperl-l Archive


From: Michael Peppler <mpeppler at MBAY dot NET>
Subject: Re: Indirect security question / off topic...
Date: Oct 16 1997 6:31PM

Tim Holt wrote:
> 
> This may be (well, is) off topic, but in some respects seemed to be a good
> group to try...
> 
> I've noticed that I can telnet to the port number of my Sybase server, but
> get no real response from it.  Does anyone have an analysis of the security
> risk to this?  What could you do to someone else's machine if you knew this
> "hole" existed?  We would like to utilize a Sybase connection on our web
> site, which is external to our firewall.

Interesting question. Sybase uses a protocol (TDS) to communicate
between the client and the server, and I'm pretty sure that this is a
binary protocol. The SQL that is sent is probably sent in clear text
but I don't know if it would be possible to emulate the protocol
with a telnet session (of course you still have to log on to
get a valid session where the SQL can be accepted).

> 
> Also, kind of off/side topic:  Is anyone using the encrypted "tunneling"
> capabilities of ssh (http://www.datafellows.com) for thru-firewall
> Sybase connectivity?

I haven't used it for that. I use ssh to connect to the site where I
work (from home) and use X over the connection, and that works
great.

Michael
-- 
Michael Peppler       -||-  Data Migrations Inc.
mpeppler@datamig.com  -||-  http://www.mbay.net/~mpeppler