Open MS-SQL Server Resolution Service Report

This report identifies hosts that have the MS-SQL Server Resolution Service running and accessible on the Internet.

These services have the potential to expose information about a client’s network on which this service is accessible and the service itself can be used in UDP amplification attacks.

For more details behind the scan methodology and a daily update of global MS-SQL Server Resolution Service scan statistics please visit our dedicated MS-SQL Server Resolution Service scan page.

For more information on our scanning efforts, check out our Internet scanning summary page.


  • timestamp
    Time that the IP was probed in UTC+0
  • ip
    The IP address of the device in question
  • protocol
    Protocol that the MS-SQL response came on (usually UDP)
  • port
    Port that the MS-SQL response came from (usually 1434)
  • hostname
    Reverse DNS name of the device in question
  • tag
    Will always be mssql
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • naics
    North American Industry Classification System Code
  • sic
    Standard Industrial Classification System Code
  • server_name
    The ServerName field in the response — this is usually the NetBIOS name of the server
  • instance_name
    The InstanceName field in the response — this is the name of the SQL instance on the server
  • version
    Version number of the running MS-SQL / SQLExpress service
  • tcp_port
    The TCP port that you would use to connect to the MS-SQL instance
  • named_pipe
    The named pipe that the SQL server is advertising
  • response_length
    Length of the response from the MS-SQL Server Resolution Service (including packet headers)
  • amplification
    The probable amplification amount, if this device was to participate in a UDP amplification attack — this value is determined by dividing the response_length by the size of the probe that was used


"2015-02-04 07:38:43","","udp",1434,"","mssql","8.00.194",4134,"CN","FUJIAN","LONGYAN",0,0,"IT6MHA4GLBKT3S1","CXDY3",1266,"\IT6MHA4GLBKT3S1pipeMSSQL$CXDY3sqlquery",322,"7.16"
"2015-02-04 07:38:44","","udp",1434,,"mssql","8.00.194",56046,"CN","BEIJING","BEIJING",0,0,"WWW-A0DC0030EFA","MSDE",1121,"\WWW-A0DC0030EFApipeMSSQL$MSDEsqlquery",318,"7.07"
"2015-02-04 07:38:44","","udp",1434,,"mssql","10.0.2531.0",9498,"IN","ANDHRA PRADESH","HYDERABAD",0,0,"OTSI-LYNC","RTCLOCAL",56011,,396,"8.80"
"2015-02-04 07:38:44","","udp",1434,"","mssql","9.00.5000.00",12683,"RU","STAVROPOL'SKIY KRAY","MINERALNYE VODY",0,0,"RU003710S00005","MS_ADMT",0,,734,"16.31"
"2015-02-04 07:38:44","","udp",1434,,"mssql","10.50.1600.1",1659,"TW","TAICHUNG CITY","TAICHUNG",0,0,"AIT-CSIE","SQLSERVER2008R2",1186,,402,"8.93"
"2015-02-04 07:38:44","","udp",1434,"","mssql","9.00.3042.00",18229,"IN","MAHARASHTRA","MUMBAI",0,0,"WIN-JVS9RCPJ2R1","MSSQLSERVER",1433,"\WIN-JVS9RCPJ2R1pipesqlquery",318,"7.07"
"2015-02-04 07:38:44","","udp",1434,"","mssql","9.00.5000.00",27699,"BR","SAO PAULO","SAO PAULO",518210,737415,"RAQUELMATTAR-PC","MSSQLSERVER",1433,"\RAQUELMATTAR-PCpipesqlquery",318,"7.07"
"2015-02-04 07:38:44","","udp",1434,,"mssql","9.00.5000.00",16276,"FR","NORD-PAS-DE-CALAIS","ROUBAIX",0,0,"2K8STD-AD","BKUPEXEC",65039,"\2K8STD-ADpipeMSSQL$BKUPEXECsqlquery",320,"7.11"
"2015-02-04 07:38:44","","udp",1434,,"mssql","8.00.194",33055,"US","ARIZONA","PHOENIX",0,0,"BCC-0T12YTA16XM","MSSQLSERVER",1433,"\BCC-0T12YTA16XMpipesqlquery",310,"6.89"
"2015-02-04 07:38:44","","udp",1434,"","mssql","11.0.2100.60",27715,"BR","SAO PAULO","SAO PAULO",0,0,"WIN-8ESSG5B75DD","SQLSERVER2012",1445,,620,"13.78"

Our 125 Report Types