Microsoft SQL Server is a relational database management system developed by Microsoft. As a database, it is a software product whose primary function is to store and retrieve data as requested by other software applications, be it those on the same computer or those running on another computer across a network (including the Internet). There are at least a dozen different editions of Microsoft SQL Server aimed at different audiences and for workloads ranging from small single-machine applications to large Internet-facing applications with many concurrent users. Its primary query languages are T-SQL and ANSI SQL.
This service has the potential to expose information about a client's network on which it is accessible, and the service itself can be used in UDP amplification attacks. In addition, it opens up your system to 0-day attacks or worm/virus infections that exploit a vulnerability in Windows to gain access to your system.
Either use the Windows Firewall or, even better, an external firewall to prevent access to NetBIOS (and other Windows ports). The Windows Firewall has a nasty way of trying to think for itself: for example, it automatically starts to open ports if you install something that uses NetBIOS. In all such cases the administrator is unaware of these open ports.
By default, Microsoft Windows enables the Windows Firewall, which closes port 1433 to prevent Internet computers from connecting to a default instance of SQL Server on your computer. Connections to the default instance using TCP/IP are not possible unless you reopen port 1433. If you need access to your Microsoft SQL Server from remote machines, allow only the required hosts and close down worldwide access to the SQL Server.
Ports used by Microsoft SQL Server are: TCP/1433, UDP/1434, TCP/1434, TCP/4022, TCP/135, TCP/2383. In addition, SQL Server uses a randomly assigned dynamic port for each named instance!
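The host-based version of the advice above, as an added example that is not part of the original text: default-deny inbound, allow the listed ports only from the hosts that need them, cover a named instance's dynamic port by scoping the rule to its service, and audit for rules that still expose SQL ports to any address. The values in $AllowedHosts and the service name 'MSSQL$SALES' are assumed placeholders.

```powershell
# Added example (not from the original page). Assumptions: $AllowedHosts lists the
# only machines that need SQL access, and 'MSSQL$SALES' is a placeholder named-instance
# service name; replace both. Run in an elevated PowerShell on the SQL Server host.
$AllowedHosts = @('10.0.10.5', '10.0.10.6')          # constructed sample values

# 1. Default-deny inbound so nothing reaches SQL Server unless a rule below allows it.
Set-NetFirewallProfile -All -DefaultInboundAction Block

# 2. Fixed ports from the text, allowed only from $AllowedHosts.
#    (TCP/135 and TCP/2383 are only needed if RPC / Analysis Services are actually used.)
$SqlPorts = @(
    @{ Name = 'MSSQL default instance'; Protocol = 'TCP'; Port = 1433 },
    @{ Name = 'MSSQL Browser (SSRP)';   Protocol = 'UDP'; Port = 1434 },
    @{ Name = 'MSSQL DAC';              Protocol = 'TCP'; Port = 1434 },
    @{ Name = 'MSSQL Service Broker';   Protocol = 'TCP'; Port = 4022 }
)
foreach ($p in $SqlPorts) {
    New-NetFirewallRule -DisplayName "$($p.Name) from allowed hosts" -Direction Inbound `
        -Protocol $p.Protocol -LocalPort $p.Port -RemoteAddress $AllowedHosts `
        -Action Allow -Profile Any | Out-Null
}

# 3. A named instance listens on a random dynamic port, so scope its rule to the
#    service instead of a port number; the rule then follows the port wherever it moves.
New-NetFirewallRule -DisplayName 'MSSQL named instance from allowed hosts' -Direction Inbound `
    -Protocol TCP -Service 'MSSQL$SALES' -RemoteAddress $AllowedHosts `
    -Action Allow -Profile Any | Out-Null

# 4. Audit: list enabled inbound Allow rules that still expose SQL ports to Any address,
#    e.g. rules an installer added without telling the administrator.
$SqlPortList = '135', '1433', '1434', '2383', '4022'
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
    $portFilter = $_ | Get-NetFirewallPortFilter
    $addrFilter = $_ | Get-NetFirewallAddressFilter
    $exposed = @($portFilter.LocalPort) | Where-Object { $_ -in $SqlPortList }
    if ($exposed -and ($addrFilter.RemoteAddress -contains 'Any')) {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Protocol      = $portFilter.Protocol
            LocalPort     = ($exposed -join ',')
            RemoteAddress = 'Any'
        }
    }
} | Format-Table -AutoSize
```

Any rule the audit prints should be disabled or re-scoped to $AllowedHosts, since an Allow rule open to Any on these ports undoes the default-deny above.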