Snort mailing list archives

Re: mysql error prevails...

From: AllowOverride <allowoverride () gmail com>
Date: Sat, 06 Oct 2012 13:01:28 -0700

sorry i can't, this is the snort-users list. just filter me
allowoverride as sender. poof! im gone. 
i guess you better try filtering the daily/weekly/monthly as well as my
nick is also in there... good luck ;)

--- Begin Message --- From: B E <bge240 () yahoo com>
Date: Sat, 6 Oct 2012 11:28:37 -0700 (PDT)

please take me off your list

________________________________
 From: AllowOverride <allowoverride () gmail com>
To: Eric G <eric () nixwizard net> 
Cc: snort-users <snort-users () lists sourceforge net> 
Sent: Saturday, October 6, 2012 2:13 PM
Subject: Re: [Snort-users] mysql error prevails...

ah, the old telnet trick, ok,, here is the results

1.  

ufw status numbered 
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 192.168.1.14 22/tcp        ALLOW IN    192.168.1.35
[ 2] 192.168.1.14 80/tcp        ALLOW IN    192.168.1.35
[ 3] 192.168.1.14 139/tcp       ALLOW IN    192.168.1.35
[ 4] 192.168.1.14 445/tcp       ALLOW IN    192.168.1.35
[ 5] 192.168.1.14 22/tcp        ALLOW IN    192.168.1.8
[ 6] 192.168.1.14 139/tcp       ALLOW IN    192.168.1.8
[ 7] 192.168.1.14 445/tcp       ALLOW IN    192.168.1.8
[ 8] 3306                       ALLOW IN    Anywhere

2. 
from remote ip 192.168.1.35

telnet 192.168.1.14 3306
Trying 192.168.1.14...
telnet: Unable to connect to remote host: Connection refused

3.

telnet localhost 3306
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
[
5.5.24-0ubuntu0.12.04.1
$V9Z:SoY�]glkUE;5:cbCmysql_native_password^CConnection closed by
foreign host.

hmm interesting, all that data spit out, its open of course.. its
localhost

4. ok, let's try with ufw off (aka iptables)

# ufw disable 
Firewall stopped and disabled on system startup

# service ufw stop
ufw stop/waiting

remotely from 192.168.1.35:

telnet 192.168.1.14 3306
Trying 192.168.1.14...
telnet: Unable to connect to remote host: Connection refused

telnet localhost 3306
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
[
5.5.24-0ubuntu0.12.04.1%BAaEs4F�b@Wug%}l&q,&mysql_native_password
^C   Connection closed by foreign host.

suggestions? thanks eric g :)

On Fri, 2012-10-05 at 18:56 -0400, Eric G wrote:



On Fri, Oct 5, 2012 at 5:50 PM, AllowOverride
<allowoverride () gmail com> wrote:
         Yep: it must be something else: any suggestions??
        
        


Something simple and basic to try... can you try to just 'telnet
localhost 3306' and see if a socket successfully opens on mysql's
port?


--
Eric



------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org/ to stay current on all the latest Snort news!

--- End Message ---

------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Re: mysql error prevails..., (continued)
- - - Message not available
    - Re: mysql error prevails... AllowOverride (Oct 06)
    - Re: mysql error prevails... Jack (Oct 06)
    - Re: mysql error prevails... AllowOverride (Oct 06)
    - Re: mysql error prevails... AllowOverride (Oct 06)
    - Re: mysql error prevails... AllowOverride (Oct 05)
    - Re: mysql error prevails... Peter Bates (Oct 05)
    - Re: mysql error prevails... AllowOverride (Oct 05)
    - Re: mysql error prevails... Peter Bates (Oct 05)
    - Re: mysql error prevails... AllowOverride (Oct 05)
    - Message not available
    - Re: mysql error prevails... AllowOverride (Oct 06)
    - Message not available
    - Re: mysql error prevails... AllowOverride (Oct 06)
    - Re: mysql error prevails... AllowOverride (Oct 05)
    - Re: mysql error prevails... AllowOverride (Oct 05)
    - Re: mysql error prevails... Jeremy Hoel (Oct 04)
    - Re: mysql error prevails... AllowOverride (Oct 05)
  - Re: mysql error prevails... AllowOverride (Oct 04)
- Re: mysql error prevails... beenph (Oct 04)
  - Re: mysql error prevails... AllowOverride (Oct 04)