I came across a good post over at the Data Management section of Less Than Dot, describing how to scan through a network looking for unsecure SQL instances. It makes use of the free SQL Ping tool and describes automating the process using SSIS. This is pretty interesting to me as I’ve just finished writing an article on SQL Server security for the May issue of TechNet Magazine. You may be surprised to find what unmanaged or unsecure SQL instances exist on your corporate network…
Here’s an example command I ran on our home WLAN:
sqlping3cl.exe -scantype range -startIP 192.168.1.0 -endIP 192.168.1.254 -output instances.csv
Check out the post here.