Task 6.1 - SQL tcp port 1433

In the real lab, how do we know SQL tcp port number is 1433?  Where can we find this information in DOC CD? 

Never mind, I found a way to show port number on router as follow:

Rack1R5#sh ip nbar port-map
port-map bgp                      udp 179
port-map bgp                      tcp 179
port-map bittorrent               tcp 6969 6881 6882 6883 6884 6885 6886 6887 6888 6889
port-map citrix                   udp 1604
port-map citrix                   tcp 2598 2512 2513 1494
port-map cuseeme                  udp 7648 7649 24032
port-map cuseeme                  tcp 7648 7649
port-map dhcp                     udp 67 68
port-map directconnect            tcp 411 412 413
port-map dns                      udp 53
port-map dns                      tcp 53
port-map edonkey                  tcp 4662
port-map exchange                 tcp 135
port-map fasttrack                tcp 1214
port-map finger                   tcp 79
port-map ftp                      tcp 21
port-map gnutella                 udp 6346 6347 6348
port-map gnutella                 tcp 6346 6347 6348 6349 6355 5634
port-map gopher                   udp 70
port-map gopher                   tcp 70
port-map h323                     udp 1300 1718 1719 1720 11720
port-map h323                     tcp 1300 1718 1719 1720 11000 - 11999
port-map http                     tcp 80
port-map imap                     udp 143 220
port-map imap                     tcp 143 220
port-map irc                      udp 194
port-map irc                      tcp 194
port-map kerberos                 udp 88 749
port-map kerberos                 tcp 88 749
port-map l2tp                     udp 1701
port-map ldap                     udp 389
port-map ldap                     tcp 389
port-map mgcp                     udp 2427 2727
port-map mgcp                     tcp 2427 2428 2727
port-map netbios                  udp 137 138
port-map netbios                  tcp 137 139
port-map netshow                  tcp 1755
port-map nfs                      udp 2049
port-map nfs                      tcp 2049
port-map nntp                     udp 119
port-map nntp                     tcp 119
port-map notes                    udp 1352
port-map notes                    tcp 1352
port-map novadigm                 udp 3460 3461 3462 3463 3464 3465
port-map novadigm                 tcp 3460 3461 3462 3463 3464 3465
port-map ntp                      udp 123
port-map ntp                      tcp 123
port-map pcanywhere               udp 22 5632
port-map pcanywhere               tcp 65301 5631
port-map pop3                     udp 110
port-map pop3                     tcp 110
port-map pptp                     tcp 1723
port-map printer                  udp 515
port-map printer                  tcp 515
port-map rcmd                     tcp 512 513 514
port-map rip                      udp 520
port-map rsvp                     udp 1698 1699
port-map rtsp                     tcp 554 8554
port-map secure-ftp               tcp 990
port-map secure-http              tcp 443
port-map secure-imap              udp 585 993
port-map secure-imap              tcp 585 993
port-map secure-irc               udp 994
port-map secure-irc               tcp 994
port-map secure-ldap              udp 636
port-map secure-ldap              tcp 636
port-map secure-nntp              udp 563
port-map secure-nntp              tcp 563
port-map secure-pop3              udp 995
port-map secure-pop3              tcp 995
port-map secure-telnet            tcp 992
port-map sip                      udp 5060
port-map sip                      tcp 5060
port-map skinny                   tcp 2000 2001 2002
port-map smtp                     tcp 25
port-map snmp                     udp 161 162
port-map snmp                     tcp 161 162
port-map socks                    tcp 1080
port-map sqlnet                   tcp 1521
port-map sqlserver                tcp 1433
port-map ssh                      tcp 22
port-map streamwork               udp 1558
port-map sunrpc                   udp 111
port-map sunrpc                   tcp 111
port-map syslog                   udp 514
port-map telnet                   tcp 23
port-map tftp                     udp 69
port-map vdolive                  tcp 7000
port-map winmx                    tcp 6699
port-map xwindows                 tcp 6000 6001 6002 6003
Rack1R5#

Comments

  • I used FPM on this issue:

    load protocol system:fpm/phdf/tcp.phdf
    load protocol system:fpm/phdf/ip.phdf

    class-map type access-control match-all slammer-class
     match field TCP dest-port eq 1433
     match field IP length eq 404

    class-map type stack match-all ip-tcp
     match field IP protocol eq 0x6 next TCP

    policy-map type access-control fpm-low
     class slammer-class
       drop

    policy-map type access-control fpm-high
     class ip-tcp
      service-policy fpm-low

    interface FastEthernet0/0.5
     service-policy type access-control input fpm-high

    Hope that this solution is valid, as fas as phdf files will be available on lab exam.

     

     

     

  • My question is this. How do I know whether an service policy input or output is required to contain the traffic as the question puts it.

  • It is the qouestion itself , they mentioned sending out 404 byte from the host to the router , so it will be in policy for the router.

  • leminhleminh ✭✭

    me too, i used fpm as a solution :)

  • Hi,

    We have the length option to route-maps to so we can use Policy Based Routing to match ACL with destination port 1433 TCP and length min = max = 404

    Does anyone thinks the same?

    Razvan

  • Hi,

     

    Just read the task again and relised we are not allowed to use an access-list :)

    In this case, using class-map and a policy-map with drop action is perfect for me.

    Razvan

Sign In or Register to comment.