TCP Port 3306
Link Logger Home ZyXel Banner Binary Visions
Netgear
LinkSYS
Router

TCP 3306
Link Logger for Windows
Home Home Product Info Product Info Download Download/Purchase Support Support  
Link Logger for Windows

NewsLatest News

Screen ShotsScreenshots

Customer CommentsFeedback

Common ScansScans

Additional ResourcesResources

TCP Port 3306

Common Use

Used by mySQL database server.

Inbound Traffic

If you are running a mySQL database server and wish to allow internet access (ensure you have strong passwords) then you will need to setup a port forward within Link Logger for port 3306 such that future inbound traffic on this port will be logged as normal and not as an alert within Link Logger.

mySQL Bot scans this port looking for mySQL servers with weak passwords and if it is successful in logging in as root (ie DBA access) then it will use an exploit to install the bot on the system.

Outbound Traffic

Outbound scans especially if occurring in volume should be considered an indication of a possible infection or compromise on the source computer and should be investigated immediately.

Additional Information

PortPeeker Capture of mySQL Bot attack on 3306

SANS write up on mySQL Bot

Page last updated on February 09, 2005