TCP Port 3306
Used by mySQL database server.
If you are running a mySQL database server and wish to allow internet access
(ensure you have strong passwords) then you will need to setup a
port forward within Link Logger for port 3306
such that future
inbound traffic on this port will be logged as normal and not as an alert within
mySQL Bot scans this port looking for mySQL servers with weak passwords and
if it is successful in logging in as root (ie DBA access) then it will use an
exploit to install the bot on the system.
Outbound scans especially if occurring in volume should be considered an indication of a
possible infection or compromise on the source computer and should be
PortPeeker Capture of mySQL Bot attack on
SANS write up on mySQL Bot
Page last updated on
February 09, 2005