Re: DoS against mysqld
From: Ryan Fox (rfox@backwatcher.com)
Date: 08/23/02
- In reply to: luca.ercoli@inwind.it: "DoS against mysqld"
- Next in thread: Bob Castleberry: "RE: DoS against mysqld"
- Reply: Bob Castleberry: "RE: DoS against mysqld"
From: Ryan Fox <rfox@backwatcher.com>
To: "luca.ercoli@inwind.it" <luca.ercoli@inwind.it>
Date: 23 Aug 2002 12:12:52 -0400
On Fri, 2002-08-23 at 06:19, luca.ercoli@inwind.it wrote:
> If you create more than eleven bad connections (e.g. Bad Handshake)
> to the mysqld port, the server, from this time on, blocks all incoming
> connections.
>
> This is the error:
>
> mysql> connect test 127.0.0.1
> ERROR 1129: Host 'localhost.localdomain' is blocked because of many
> connection errors. Unblock with 'mysqladmin flush-hosts'
This is a good example of why people should contact vendors before
releasing exploits. (I'm assuming the author didn't contact MySQL AB,
because if he had, they would have told him why he was wrong.)
See the page:
http://www.mysql.com/doc/en/Blocked_host.html
This 'exploit' blocks only 1 hostname (not all incoming connections),
and that is the hostname that this 'attack' comes from. The number of
connection errors allowed before a host gets blocked can be set when the
server is started, using the max_connect_errors variable.
Ryan Fox
Backwatcher, Inc.
rfox@backwatcher.com
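
The per-host blocking described in the reply above, as a simplified model (an added example, not part of the original message and not MySQL's own code). The class and method names, the host names, the threshold of 10 and the rule that a successful handshake resets a host's counter are assumptions of this model.

```python
# Simplified model of a per-host connection-error counter.
# Illustrative only: names and exact threshold semantics are assumptions.


class HostCache:
    def __init__(self, max_connect_errors=10):
        # Assumed value; the reply notes it is set at server start
        # through the max_connect_errors variable.
        self.max_connect_errors = max_connect_errors
        self.errors = {}  # host name -> consecutive failed handshakes

    def is_blocked(self, host):
        # A host is refused once its own error count exceeds the limit.
        return self.errors.get(host, 0) > self.max_connect_errors

    def connect(self, host, handshake_ok):
        """Return 'blocked', 'ok' or 'error' for one connection attempt."""
        if self.is_blocked(host):
            return "blocked"  # corresponds to ERROR 1129 in the quoted output
        if handshake_ok:
            self.errors[host] = 0  # model assumption: success resets the count
            return "ok"
        self.errors[host] = self.errors.get(host, 0) + 1
        return "error"

    def flush_hosts(self):
        # Models 'mysqladmin flush-hosts': every counter is cleared.
        self.errors.clear()


def demo():
    cache = HostCache(max_connect_errors=10)
    # Constructed scenario: one client sends eleven bad handshakes.
    for _ in range(11):
        cache.connect("noisy-client.example", handshake_ok=False)
    return {
        "noisy": cache.connect("noisy-client.example", handshake_ok=True),
        "other": cache.connect("app-server.example", handshake_ok=True),
    }


if __name__ == "__main__":
    print(demo())
```

In this model only the host that produced the errors is refused; every other client connects normally, and clearing the cache restores access for the blocked host.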