[Intrusions] MySQL hits...

bschnzl at cotse.net bschnzl at cotse.net
Sat Feb 5 16:01:03 GMT 2005 

All...

I have been hit with 1047 mysql sessions on THP!  The bulk of the 
hits came at 0929 EST and continued until 1051.  I have attached the 
SYNs.  Is there a new MYSQL exploit, or was this guy just beating his 
head against a wall?

B.

On 20 Jan 2005, this text appeared purporting to belong to Jason

From:           	"Jason \"JC\" Monroe" <monroe at peoplego.com>
To:             	"Intrusions List (GCIA Practicals)" <intrusions at lists.sans.org>
Date sent:      	Thu, 20 Jan 2005 22:38:46 -0800
Subject:        	[Intrusions] Re: Summary of large-scale portscanning detects
Send reply to:  	"Intrusions List \(GCIA Practicals\)" <intrusions at lists.sans.org>
	<mailto:intrusions-request at lists.sans.org?subject=unsubscribe>
	<mailto:intrusions-request at lists.sans.org?subject=subscribe>
Keywords:       	
> On Thu, 2005-01-20 at 19:26, Ken.Connelly at uni.edu wrote:
> > The following extracts show the beginning and ending of scan activity
> > was detected on my network.  The number following each set is the total
> > number of probes for that source.  Timestamps are GMT-0600.
> > 
> > Jan 19 06:01:54 68.164.218.138:2433 -> xxx.yyy.1.1:3306 SYN ******S* 
> > Jan 19 06:01:54 68.164.218.138:2434 -> xxx.yyy.1.2:3306 SYN ******S* 
> 
> 
> The only tools that I've located have been mysqlf**k and another brute
> forcer. Has anyone else found evidence of a MySQL based worm?
> 
> Thanks,
> 
> JC
> _______________________________________________
> Intrusions mailing list
> Intrusions at lists.sans.org
> http://www.dshield.org/mailman/listinfo/intrusions


-------------- next part --------------
The following section of this message contains a file attachment
prepared for transmission using the Internet MIME message format.
If you are using Pegasus Mail, or any other MIME-compliant system,
you should be able to save it or view it from within your mailer.
If you cannot, please ask your system administrator for assistance.

   ---- File information -----------
     File:  20050204-3306.txt
     Date:  5 Feb 2005, 10:11
     Size:  187916 bytes.
     Type:  Text

More information about the Intrusions mailing list