List:General Discussion« Previous MessageNext Message »
From:Claudio Nanni Date:September 24 2009 8:56am
Subject:Re: REstricting MySQL access to port 3306
View as plain text  
....and in case it is feasible use a custom port to prevent specific attacks
to mysql.
All clients and application servers will need to connect to the new port.

Claudio


2009/9/24 Willy <sangprabv@stripped>

> Limit connection from trusted host will reduce it. And its better handled
> by firewall .
>
>
> Willy
> Sent from my Sony Ericsson XPERIA™ X1.
>
> -----Original Message-----
> From: John <john@stripped>
> Sent: 24 September 2009 15:07
> To: 'The Doctor' <doctor@stripped>; mysql@stripped
> Subject: RE: REstricting MySQL access to port 3306
>
> I don't think there's anything specific to MySQL but for any system you
> should ensure you have a good well configured firewall set up, make sure
> antivirus software is installed and kept up to date, ensure programs only
> run with essential permissions and keep your system up to date with all the
> latest security patches. This applies to windows AND Linux systems.
>
> You can reduce your exposure to SYN attacks by blocking all incoming
> packets
> from bad external IP addresses 10.0.0.0 to 10.255.255.255, 127.0.0.0 to
> 127.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to
> 192.168.255.255 as well as all internal addresses.
>
> Brute force attack exposure can be reduced by setting your router to ignore
> broadcast addressing and setting your firewall to ignore ICMP requests, how
> you do this will depend on your router/firewall. You should also block all
> non-service UDP service requests for your network. Programs that need UDP
> will still work.
>
> It's also worth making regular visits to a site such as
> http://staff.washington.edu/dittrich/misc/ddos/ to find out what's new in
> DDOS. Being well informed is half the battle!
>
> Regards
>
>
>
> John Daisley
> MySQL & Cognos Contractor
>
> Certified MySQL 5 Database Administrator (CMDBA)
> Certified MySQL 5 Developer (CMDEV)
> IBM Cognos BI Developer
>
> Telephone +44 (0)7812 451238
> Email john@stripped
>
> -----Original Message-----
> From: The Doctor [mailto:doctor@stripped]
> Sent: 24 September 2009 07:38
> To: mysql@stripped
> Subject: REstricting MySQL access to port 3306
>
> Some months a back I had to firewall port 3306 due to DDoS.
>
> I cannot do this now as a client needs 3306 outside the LAN.
>
> What can I do to prevent DDoS on my MySQL server?
>
> --
> Member - Liberal International  This is doctor@stripped
> Ici doctor@stripped God, Queen and country! Beware Anti-Christ rising!
> Never Satan President Republic!
> For the latest World News go to http://www.cuttingedge.org/
>
> --
> MySQL General Mailing List
> For list archives: http:/
>
> [The entire original message is not included]
>
> --
> MySQL General Mailing List
> For list archives: http://lists.mysql.com/mysql
> To unsubscribe:
> http://lists.mysql.com/mysql?unsub=1
>
>


-- 
Claudio

Thread
REstricting MySQL access to port 3306The Doctor24 Sep
  • RE: REstricting MySQL access to port 3306John24 Sep
    • Re: REstricting MySQL access to port 3306muhammad subair24 Sep
RE: REstricting MySQL access to port 3306Willy24 Sep
  • Re: REstricting MySQL access to port 3306Claudio Nanni24 Sep
    • Re: REstricting MySQL access to port 3306Johan De Meersman24 Sep