This sensor by default runs on port 1433 and uses the protocol Tabular Data Stream protocol, which is used to interact with a Microsoft SQL Sever and provides for authentication. This protocol allows the attacker to login and it can decode SQL queries. The sensor however doesn’t interact with attacker since there’s no database yet.

By default the MSSQL sensor is enabled and running on port 1433. To fully disable the sensor, click on the dropdown and select no. After clicking the save button it will take a maximum of 5 minutes before the MSSQL is disabled on your Honeypot. As mentioned, the MSSQL sensor runs default on port 1433 because thats most commonly the default intance for SQL database servers. It’s however possible to change the port by specifying the specific port and clicking on the save button