Dear Y'all -
Gary Huntress writes:
I've looked around at basic security sites (sans.org, whitehats.com)
This is slightly off topic but another security site I'm finding
useful is http://icat.nist.gov/icat.cfm.
Yours - Billy
My firewall has denied and logged several of the following messages:
Packet log: input DENY eth0 PROTO=6 192.168.0.1:37656 66.31.176.185:3306
L=40 S=0x00 I=26581 F=0x T=39 (#2)
As you can see, it is a spoofed IP trying to connect to the mysql port.
I've looked around at basic security sites
Gary Huntress wrote:
My firewall has denied and logged several of the following messages:
Packet log: input DENY eth0 PROTO=6 192.168.0.1:37656 66.31.176.185:3306
L=40 S=0x00 I=26581 F=0x T=39 (#2)
As you can see, it is a spoofed IP trying to connect to the mysql port.
I've looked
It's late.. I want to catch some sleep.. but I found a few on the incidents
list..
http://www.securityfocus.com/bid/926
http://www.securityfocus.com/bid/975
According to some people on the incidents lists there seems to be one or
two probes going on for MySQL servers.. dunno what they're
Maybe they're just seeing if MySQL is 'as open' as Interbase...
http://www.securityfocus.com/frames/?content=/templates/advisory.html%3Fid%3D3152
There are a lot of 'robotic probes' going on out there (most commonly looking
for FTP access).
Just 'batten down the hatches' and keep monitoring...
One thing you should do to protect your MySQL 'instance', is have it running
on a system 'behind' your 'front line' defenses (i.e. Firewall) and not 'on
it'.
Set up MySQL to listen only on the interface that your webserver or other
'client' is communicating on (we have a 'private' network