PDA

Click to See Complete Forum and Search --> : Port 3306

iDxMan
10-07-2000, 04:08 PM
What is this port commonly used for? Lately I seem to keep getting poked on 3306, where their source port is 80.

eg:

Oct 6 22:40:43 fakehostname kernel: Packet log: input DENY eth0 PROTO=6 131.174
.112.11:80 X.X.X.X:3306 L=60 S=0x00 I=53355 F=0x4000 T=40 (#4)
Oct 6 22:40:46 fakehostname kernel: Packet log: input DENY eth0 PROTO=6 131.174
.112.11:80 X.X.X.X:3306 L=60 S=0x00 I=53630 F=0x4000 T=40 (#4)
Oct 6 22:40:52 fakehostname kernel: Packet log: input DENY eth0 PROTO=6 131.174
.112.11:80 X.X.X.X:3306 L=60 S=0x00 I=54990 F=0x4000 T=40 (#4)
Oct 6 22:41:05 fakehostname kernel: Packet log: input DENY eth0 PROTO=6 131.174
.112.11:80 X.X.X.X:3306 L=60 S=0x00 I=57285 F=0x4000 T=40 (#4)
Oct 6 22:41:29 fakehostname kernel: Packet log: input DENY eth0 PROTO=6 131.174
.112.11:80 X.X.X.X:3306 L=60 S=0x00 I=60592 F=0x4000 T=40 (#4)
Oct 6 22:42:18 fakehostname kernel: Packet log: input DENY eth0 PROTO=6 131.174
.112.11:80 X.X.X.X:3306 L=60 S=0x00 I=2483 F=0x4000 T=40 (#4)
Oct 6 22:42:43 fakehostname kernel: Packet log: input DENY eth0 PROTO=6 131.174
.112.11:80 X.X.X.X:3306 L=60 S=0x00 I=4618 F=0x4000 T=40 (#4)
Oct 6 22:43:54 fakehostname kernel: Packet log: input DENY eth0 PROTO=6 131.174
.112.11:80 X.X.X.X:3306 L=60 S=0x00 I=12814 F=0x4000 T=40 (#4)
Oct 6 22:44:43 fakehostname kernel: Packet log: input DENY eth0 PROTO=6 131.174
.112.11:80 X.X.X.X:3306 L=60 S=0x00 I=18975 F=0x4000 T=40 (#4)
Oct 6 22:45:55 fakehostname kernel: Packet log: input DENY eth0 PROTO=6 131.174
.112.11:80 X.X.X.X:3306 L=60 S=0x00 I=28685 F=0x4000 T=40 (#4)


-r
Craig McPherson
10-08-2000, 01:12 AM
Port 3306 is used by MYSQL.

FROM their port 80 TO your port 3306?

Is it possible that some web server somewhere has CGI scripts that are trying to connect to a database on your computer for some reason or another?

Also, since the connection is coming from their port 80, that probably means there's a web server running at that IP address... type it into your web browser and see. You might be able to find a human to talk to about it.

[This message has been edited by Craig McPherson (edited 08 October 2000).]
iDxMan
10-08-2000, 02:43 AM
It directs me to:
http://www.hexon.cx/

Interesting. Wonder if they have some sort of webmonkey bot searching for mysql openings..

And no.. I don't have mysql running for anyone to connect..


-r



[This message has been edited by iDxMan (edited 08 October 2000).]
Craig McPherson
10-08-2000, 06:54 AM
Hmm, well. The language looks like Dutch, and the link to a site in the Netherlands supports that. Anyone speak it?