Figuring out that an SQL server is listening on an open port and sending SQL queries to it is NOT OK.
Bullshit!
1. Port scanning is not a crime if the port is open to the world! Shit, reminds me of my youth, sk8 is not a crime! Now, if no password is required, you're good to go - i.e. webserver. Trying to force your way through is a crime, though.
2. You need to authenticate for SQL server to process your queries!