I am looking at a particular Azure SQL Database that has Server level firewall rules. I am told there are no database level firewall rules. Nmap reported open ports on the database even though the IP address i ran it from was not allowed according to the firewall rules. Furthermore, i scanned the same IP with OpenVAS and it reported back the version of MS SQL that was running. I examined Server level firewall rules list for bad entries, and it only has single entries (no ranges), and from & to IP addresses match. What could be wrong?
Here are the nmap results:
nmap xxxxxxxx.database.windows.net
PORT STATE SERVICE
443/tcp open https
1433/tcp open ms-sql-s
1434/tcp open ms-sql-m
1443/tcp open ies-lm
3306/tcp open mysql
4343/tcp open unicall
5002/tcp open rfe
5432/tcp open postgresql
7443/tcp open oracleas-https
16000/tcp open fmsas
16001/tcp open fmsascon
16012/tcp open unknown
16016/tcp open unknown
16018/tcp open unknown
0 Answers