View previous topic :: View next topic |
Author |
Message |
Anonymoose -
Joined: 09 Sep 2003 Posts: 2192
|
|
Back to top |
|
|
Anonymoose -
Joined: 09 Sep 2003 Posts: 2192
|
Posted: Fri Jan 28, 2005 3:15 pm Post subject: |
|
|
This has now been confirmed. The worm affects 4.0.21 or later servers and affects only servers running on Windows. Remember, if it's only your local machine querying MySQL you don't need the MySQL port open to the internet. If you have chosen to use DMZ on your router rather than specific port forwarding, be extremely careful. The worm attacks weak root passwords.
http://isc.sans.org/diary.php?date=2005-01-27 |
|
Back to top |
|
|
TRUSTAbyss -
Joined: 29 Oct 2003 Posts: 3752 Location: USA, GA
|
Posted: Fri Jan 28, 2005 4:34 pm Post subject: |
|
|
So your saying that even if your using v4.0.23 , you cannot be infected if the port 3306 is not
forwarded or open on your router/firewall , I leave my server at localhost so I don't think I
have anything to worry about right , im just curious , I currently have MySQL offline. |
|
Back to top |
|
|
olly86 -
Joined: 25 Apr 2003 Posts: 993 Location: Wiltshire, UK
|
Posted: Fri Jan 28, 2005 5:07 pm Post subject: |
|
|
If MySQL cannot be accessed from the Internet it cannot be attacked. So from the setup your describing, you are safe. _________________ Olly |
|
Back to top |
|
|
Anonymoose -
Joined: 09 Sep 2003 Posts: 2192
|
Posted: Fri Jan 28, 2005 5:46 pm Post subject: |
|
|
That's right.
However, as I know a lot of people gave up on trying to sort out port forwarding on their router and set up their PC in the DMZ instead, it seemed important to mention this... |
|
Back to top |
|
|
Arctic -
Joined: 24 Sep 2004 Posts: 560
|
Posted: Fri Jan 28, 2005 10:27 pm Post subject: |
|
|
How can I tell if mine is accesible from the internet? |
|
Back to top |
|
|
kanderson -
Joined: 25 Jan 2005 Posts: 7 Location: Vancouver, WA
|
Posted: Fri Jan 28, 2005 11:03 pm Post subject: |
|
|
If port 3306 is blocked at router level then your MySQL server will only be able to be accessed from within your LAN.
To test this, go to a computer outside of your network that is connected to the Internet.
Go to Start -> Run -> Telnet -> OK
Type: o yourdomain.com 3306
If it responds back, then it's accessable via the net... If it doesn't, then you're clear. _________________ Kris Anderson
Lead Developer
Zee-Way Services |
|
Back to top |
|
|
Moxxnixx -
Joined: 21 Jun 2003 Posts: 1226 Location: Florida
|
|
Back to top |
|
|
|