List:General Discussion« Previous MessageNext Message »
From:Willy Date:September 24 2009 8:37am
Subject:RE: REstricting MySQL access to port 3306
View as plain text  
Limit connection from trusted host will reduce it. And its better handled by firewall .


Willy
Sent from my Sony Ericsson XPERIA¬ô X1.

-----Original Message-----
From: John <john@stripped>
Sent: 24 September 2009 15:07
To: 'The Doctor' <doctor@stripped>; mysql@stripped
Subject: RE: REstricting MySQL access to port 3306

I don't think there's anything specific to MySQL but for any system you
should ensure you have a good well configured firewall set up, make sure
antivirus software is installed and kept up to date, ensure programs only
run with essential permissions and keep your system up to date with all the
latest security patches. This applies to windows AND Linux systems.

You can reduce your exposure to SYN attacks by blocking all incoming packets
from bad external IP addresses 10.0.0.0 to 10.255.255.255, 127.0.0.0 to
127.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to
192.168.255.255 as well as all internal addresses.

Brute force attack exposure can be reduced by setting your router to ignore
broadcast addressing and setting your firewall to ignore ICMP requests, how
you do this will depend on your router/firewall. You should also block all
non-service UDP service requests for your network. Programs that need UDP
will still work. 

It's also worth making regular visits to a site such as
http://staff.washington.edu/dittrich/misc/ddos/ to find out what's new in
DDOS. Being well informed is half the battle!

Regards



John Daisley
MySQL & Cognos Contractor

Certified MySQL 5 Database Administrator (CMDBA)
Certified MySQL 5 Developer (CMDEV)
IBM Cognos BI Developer

Telephone +44 (0)7812 451238
Email john@stripped

-----Original Message-----
From: The Doctor [mailto:doctor@stripped] 
Sent: 24 September 2009 07:38
To: mysql@stripped
Subject: REstricting MySQL access to port 3306

Some months a back I had to firewall port 3306 due to DDoS.

I cannot do this now as a client needs 3306 outside the LAN.

What can I do to prevent DDoS on my MySQL server?

-- 
Member - Liberal International	This is doctor@stripped
Ici doctor@stripped God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
For the latest World News go to http://www.cuttingedge.org/

-- 
MySQL General Mailing List
For list archives: http:/

[The entire original message is not included]
Thread
REstricting MySQL access to port 3306The Doctor24 Sep
  • RE: REstricting MySQL access to port 3306John24 Sep
    • Re: REstricting MySQL access to port 3306muhammad subair24 Sep
RE: REstricting MySQL access to port 3306Willy24 Sep
  • Re: REstricting MySQL access to port 3306Claudio Nanni24 Sep
    • Re: REstricting MySQL access to port 3306Johan De Meersman24 Sep