....and in case it is feasible, use a custom port to prevent specific attacks on MySQL. All clients and application servers will need to connect to the new port.
Claudio

2009/9/24 Willy <sangpr...@gmail.com>

> Limiting connections to trusted hosts will reduce it. And it's better handled
> by a firewall.
>
> Willy
>
> -----Original Message-----
> From: John <j...@butterflysystems.co.uk>
> Sent: 24 September 2009 15:07
> To: 'The Doctor' <doc...@doctor.nl2k.ab.ca>; mysql@lists.mysql.com
> Subject: RE: REstricting MySQL access to port 3306
>
> I don't think there's anything specific to MySQL, but for any system you
> should ensure you have a good, well-configured firewall set up, make sure
> antivirus software is installed and kept up to date, ensure programs only
> run with essential permissions and keep your system up to date with all the
> latest security patches. This applies to Windows AND Linux systems.
>
> You can reduce your exposure to SYN attacks by blocking all incoming packets
> from bad external IP addresses 10.0.0.0 to 10.255.255.255, 127.0.0.0 to
> 127.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to
> 192.168.255.255 as well as all internal addresses.
>
> Brute force attack exposure can be reduced by setting your router to ignore
> broadcast addressing and setting your firewall to ignore ICMP requests; how
> you do this will depend on your router/firewall. You should also block all
> non-service UDP service requests for your network. Programs that need UDP
> will still work.
>
> It's also worth making regular visits to a site such as
> http://staff.washington.edu/dittrich/misc/ddos/ to find out what's new in
> DDoS. Being well informed is half the battle!
>
> Regards
>
> John Daisley
> MySQL & Cognos Contractor
>
> Certified MySQL 5 Database Administrator (CMDBA)
> Certified MySQL 5 Developer (CMDEV)
> IBM Cognos BI Developer
>
> Telephone +44 (0)7812 451238
> Email j...@butterflysystems.co.uk
>
> -----Original Message-----
> From: The Doctor [mailto:doc...@doctor.nl2k.ab.ca]
> Sent: 24 September 2009 07:38
> To: mysql@lists.mysql.com
> Subject: REstricting MySQL access to port 3306
>
> Some months back I had to firewall port 3306 due to DDoS.
>
> I cannot do this now as a client needs 3306 outside the LAN.
>
> What can I do to prevent DDoS on my MySQL server?
>
> --
> Member - Liberal International This is doc...@nl2k.ab.ca
> Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
> Never Satan President Republic!
> For the latest World News go to http://www.cuttingedge.org/
>
> --
> MySQL General Mailing List
> For list archives: http:/
>
> [The entire original message is not included]

--
Claudio
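
The firewall allow-list suggested in this thread (only trusted hosts may reach the MySQL port, default or custom), sketched as an added example that is not from any poster. The function name, the `MYSQL_IN` chain name, the per-client limit of 20 and the client addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore fragment that allow-lists MySQL clients.
# Addresses used here are constructed documentation values (RFC 5737).

valid_cidr() {
    # Accept a.b.c.d or a.b.c.d/len with octets 0-255 and len 0-32.
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

mysql_fw_rules() {
    # Usage: mysql_fw_rules PORT MAX_CONNS_PER_CLIENT TRUSTED_CIDR...
    [ "$#" -ge 3 ] || { echo "usage: port max-conns cidr..." >&2; return 1; }
    port=$1; per_client=$2; shift 2
    for n in "$port" "$per_client"; do
        case $n in ''|*[!0-9]*) echo "not a number: $n" >&2; return 1 ;; esac
    done
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    # Validate every address before printing anything, so a typo never
    # yields a half-written ruleset.
    for cidr in "$@"; do
        valid_cidr "$cidr" || { echo "bad address: $cidr" >&2; return 1; }
    done
    echo '*filter'
    echo ':MYSQL_IN - [0:0]'
    echo "-A INPUT -p tcp --dport $port -j MYSQL_IN"
    echo '-A MYSQL_IN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for cidr in "$@"; do
        # Cap concurrent connections per source address, then admit new ones.
        echo "-A MYSQL_IN -p tcp -s $cidr -m connlimit --connlimit-above $per_client -j REJECT --reject-with tcp-reset"
        echo "-A MYSQL_IN -s $cidr -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Everything else aimed at the MySQL port is dropped.
    echo '-A MYSQL_IN -j DROP'
    echo 'COMMIT'
}

# Two constructed trusted clients, default port, 20 connections each.
mysql_fw_rules 3306 20 203.0.113.10 198.51.100.0/24
```

Load the printed fragment once with `iptables-restore --noflush` so existing rules are kept; loading it a second time would append a duplicate jump from `INPUT`.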