Snort mailing list archives

Re: Access denied for user: '@192.168.0.1' -SNORT-

From: twig les <twigles () yahoo com>
Date: Mon, 10 Feb 2003 18:12:37 -0800 (PST)

A couple things strike me off the top of my head.  First thing
is that you should avoid giving the world your real IP address
with your system's config, all in one email.  Just call it
1.1.1.1 or something.

Another thing to try is to re-do the GRANT statement on the
windows box but add "identified by [password]".  I'm pretty sure
I got that syntax right, but you can find the right syntax in
the mysql manual if I didn't.  This might not be it but this is
what my SHOW GRANTS...; looks like:

GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY
PASSWORD 'foo-randomcrap' WITH GRANT OPTION

Then make sure snort's config isn't the problem by SSHing into
the linux box and using the mysql client alone to get in like
this:

mysql -h 192.168.1.10 -u root -p

One last thing is that you prolly don't want to start snort with
the -v option.

--- mike Hughes <mikehughes013 () hotmail com> wrote:

HERE IS MY SETUP SOO you guys can see what im trying to do
better:

--192.168.0.69
Windows mahine running myql,acid,activeworkx ids (managment
machine)--

--192.168.0.1
This is my LAN inetrface on my Linux Machine eth1 GATEWAY for
my LAN--

--142.178.22.12
This is my eth0 on my linux machine the interface conencted to
the 
internet--

I have not set anyhitng on MYSQL on my LINUX machine i just
installed the 
all the RPMS like the reference said--


Ok here is the output of the mysql commands on my windows 
machine(192.168.0.69)

mysql> SHOW DATABASES;
+----------+
| Database |
+----------+
| mysql    |
| snort    |
| test     |
+----------+
3 rows in set (0.00 sec)

mysql> SHOW GRANTS FOR root@localhost
   -> ;

+---------------------------------------------------------------------+

| Grants for root@localhost                                   
       |

+---------------------------------------------------------------------+

| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT
OPTION |

+---------------------------------------------------------------------+

1 row in set (0.00 sec)

mysql> SHOW GRANTS FOR sensor1@192.168.0.1
   -> ;

+-------------------------------------------------------------------------------

-------+
| Grants for sensor1@192.168.0.1
      |

+-------------------------------------------------------------------------------

-------+
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON `snort`.* TO

'sensor1'@'192.16
8.0.1' |

+-------------------------------------------------------------------------------

-------+
1 row in set (0.00 sec)

mysql>

Ok when i connect to the linux using PUUTY from my management
machine 
windows (192.168.0.69) using putty port 22 I log on to eth0 on
my linux 
machine(142.178.22.12) as root then running this command:

snort-mysql+flexresp -v -c /etc/snort/snort.conf

I get this error:


database: mysql_error: Can't connect to MySQL server on
'192.168.0.69' (110)
Fatal Error, Quitting..

Can you see whats wrong yet? with my settings?
Soo i hope that clears things up for you too see what im
trying to do! 
Thanks for you help guys!;)

_________________________________________________________________

The new MSN 8: smart spam protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail



-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something
2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



=====
-----------------------------------------------------------
Know yourself and know your enemy and you will never fear defeat.         
-----------------------------------------------------------

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com


-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Access denied for user: '@192.168.0.1' -SNORT- mike Hughes (Feb 10)
- Re: Access denied for user: '@192.168.0.1' -SNORT- Kenneth G. Arnold (Feb 10)
- <Possible follow-ups>
- Re: Access denied for user: '@192.168.0.1' -SNORT- mike Hughes (Feb 10)
  - Re: Access denied for user: '@192.168.0.1' -SNORT- twig les (Feb 10)
- RE: Access denied for user: '@192.168.0.1' -SNORT- Schmehl, Paul L (Feb 10)
- Re: Access denied for user: '@192.168.0.1' -SNORT- mike Hughes (Feb 10)
  - Re: Access denied for user: '@192.168.0.1' -SNORT- twig les (Feb 10)
  - Re: Access denied for user: '@192.168.0.1' -SNORT- Kenneth G. Arnold (Feb 10)
    - RE: Access denied for user: '@192.168.0.1' -SNORT- Michael Steele (Feb 10)
    - ACID - Which Database? Yaakov Yehudi (Feb 11)
    - Re: ACID - Which Database? Ken Gunderson (Feb 11)
    - Re: ACID - Which Database? Paul B. Poh (Feb 11)
    - Re: ACID - Which Database? Yaakov Yehudi (Feb 12)
- RE: Access denied for user: '@192.168.0.1' -SNORT- mike Hughes (Feb 10)
- RE: Access denied for user: '@192.168.0.1' -SNORT- mike Hughes (Feb 10)
- Re: Access denied for user: '@192.168.0.1' -SNORT- mike Hughes (Feb 10)
- RE: Access denied for user: '@192.168.0.1' -SNORT- L. Christopher Luther (Feb 11)

(Thread continues...)