MySQL server accessible from the internet nmap scan result
Bogopo last edited by
I have a MySQL database on a server which is accessible from the internet and I'm doing some security checks. A nmap script scan shows the information below. I'm curious if an attacker can derive something from this and use it to attack my server?
Is it necessary to add additional security measures?
nmap -p 3306 --script=mysql-info domain.com Starting Nmap 7.91 ( https://nmap.org ) Nmap scan report for domain.com (xxx.xxx.xxx.xxx) Host is up (0.027s latency). rDNS record for xxx.xxx.xxx.xxx: domain.com
PORT STATE SERVICE
3306/tcp open mysql
| Protocol: 10
| Version: 5.7.31-34-log
| Thread ID: 44219127
| Capabilities flags: 65535
| Some Capabilities: IgnoreSpaceBeforeParenthesis, ODBCClient, InteractiveClient, Support41Auth, SupportsCompression, LongPassword, FoundRows, IgnoreSigpipes, LongColumnFlag, DontAllowDatabaseTableColumn, Speaks41ProtocolOld, ConnectWithDatabase, SupportsTransactions, SwitchToSSLAfterHandshake, SupportsLoadDataLocal, Speaks41ProtocolNew, SupportsAuthPlugins, SupportsMultipleResults, SupportsMultipleStatments
| Status: Autocommit
| Salt: ?<m\x12S\x1B\x02Fn\x01~[Q\x11\x0B%\x1A\x03_\x17
|_ Auth Plugin Name: mysql_native_password
Nmap done: 1 IP address (1 host up) scanned in 0.90 seconds
In the event of a vulnerability being discovered targeting this version of MySQL, an attacker could quickly use it to compromise your server.
It's typically recommended to configure some firewall rules to prevent unauthorized access.
For example using iptables:
iptables -A INPUT -s 10.0.0.0/24 -p tcp -m tcp --dport 3306 -j ACCEPT
A firewall rule like this would allow connections to the database server only from local IP addresses and block other connections. (given that iptables has the default action set to INPUT DROP)