MySQL server accessible from the internet nmap scan result
  • I have a MySQL database on a server which is accessible from the internet and I'm doing some security checks. An nmap script scan shows the information below. I'm curious if an attacker can derive something from this and use it to attack my server?

    Is it necessary to add additional security measures?

    nmap -p 3306 --script=mysql-info domain.com                   
    Starting Nmap 7.91 ( https://nmap.org ) 
    Nmap scan report for domain.com (xxx.xxx.xxx.xxx)
    Host is up (0.027s latency).
    rDNS record for xxx.xxx.xxx.xxx: domain.com
    

    PORT STATE SERVICE
    3306/tcp open mysql
    | mysql-info:
    | Protocol: 10
    | Version: 5.7.31-34-log
    | Thread ID: 44219127
    | Capabilities flags: 65535
    | Some Capabilities: IgnoreSpaceBeforeParenthesis, ODBCClient, InteractiveClient, Support41Auth, SupportsCompression, LongPassword, FoundRows, IgnoreSigpipes, LongColumnFlag, DontAllowDatabaseTableColumn, Speaks41ProtocolOld, ConnectWithDatabase, SupportsTransactions, SwitchToSSLAfterHandshake, SupportsLoadDataLocal, Speaks41ProtocolNew, SupportsAuthPlugins, SupportsMultipleResults, SupportsMultipleStatments
    | Status: Autocommit
    | Salt: ?<m\x12S\x1B\x02Fn\x01~[Q\x11\x0B%\x1A\x03_\x17
    |_ Auth Plugin Name: mysql_native_password

    Nmap done: 1 IP address (1 host up) scanned in 0.90 seconds



  • In the event of a vulnerability being discovered targeting this version of MySQL, an attacker could quickly use it to compromise your server.

    It's typically recommended to configure some firewall rules to prevent unauthorized access.

    For example, using iptables:

    iptables -A INPUT -s 10.0.0.0/24 -p tcp -m tcp --dport 3306 -j ACCEPT
    

    A firewall rule like this would allow connections to the database server only from local IP addresses and block other connections (given that iptables has the default action set to INPUT DROP).
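    As an added example (not part of the question or the answer above), a small Python script that parses the mysql-info block nmap printed and turns it into defender-side findings: exposure of the port, version disclosure, whether TLS is advertised, and which auth plugin is the default. The sample text is constructed from the question's output; the function names parse_mysql_info and assess and the finding wording are my own.

```python
import re

# Constructed sample input: the mysql-info block from the question (salt omitted).
SAMPLE = """\
PORT STATE SERVICE
3306/tcp open mysql
| mysql-info:
| Version: 5.7.31-34-log
| Some Capabilities: ODBCClient, Support41Auth, SwitchToSSLAfterHandshake, SupportsAuthPlugins
| Status: Autocommit
|_ Auth Plugin Name: mysql_native_password
"""

PORT_RE = re.compile(r"^\s*(\d+)/tcp\s+(\w+)\s+mysql\b")
FIELD_RE = re.compile(r"^\s*\|_?\s*([^:]+):\s*(.*)$")


def parse_mysql_info(text):
    """Return the port state plus every `| key: value` field nmap prints."""
    info = {}
    for line in text.splitlines():
        port = PORT_RE.match(line)
        if port:
            info["Port"], info["State"] = port.group(1), port.group(2)
            continue
        field = FIELD_RE.match(line)
        if field:
            key, value = field.group(1).strip(), field.group(2).strip()
            if key == "Some Capabilities":  # comma-separated capability flag names
                value = [c.strip() for c in value.split(",") if c.strip()]
            info[key] = value
    return info


def assess(info):
    """Defender-side findings drawn from what the handshake reveals."""
    findings = []
    if info.get("State") == "open":
        findings.append("3306 answers from the internet; restrict it with a firewall rule")
    if "Version" in info:
        findings.append(f"exact version {info['Version']} is disclosed; keep it patched")
    caps = set(info.get("Some Capabilities", []))
    if "SwitchToSSLAfterHandshake" not in caps:
        findings.append("server does not offer TLS; logins cross the network in the clear")
    if info.get("Auth Plugin Name") == "mysql_native_password":
        findings.append("default plugin is mysql_native_password (SHA-1 challenge/response); "
                        "require TLS, and prefer caching_sha2_password on MySQL 8.0+")
    return findings
```

    Paste the real scan output in place of SAMPLE; indented lines, as copied from the terminal, are accepted.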
