Access denied for user: '@192.168.0.1' -SNORT-
mike Hughes
mikehughes013
Mon May 17 11:44:20 PDT 2004
Here is some real results: Ok im going to just give you all my interface ip
addys soo it might clear what im trying to do up:
Internet IP Linux Machine
eth0 - 142.173.77.22-
Linux Machine LAN interface
eth1 - 192.168.0.1 -
Windows Machine on my LAN
- 192.168.0.69 -
I installed all the packages on the linux machine that i was suppose to
folowing the reference but didnt do anything to MYSQL didnt touch any
setting just installed the RPM on the LINUX machine ONLY the WINDOWS machine
i have set users and database and stuff:
Here is the output of commands from my WINDOWS mysql:
mysql> SHOW DATABASES;
+----------+
| Database |
+----------+
| mysql |
| snort |
| test |
+----------+
3 rows in set (0.00 sec)
mysql> SHOW GRANTS FOR root at localhost
-> ;
+---------------------------------------------------------------------+
| Grants for root at localhost |
+---------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION |
+---------------------------------------------------------------------+
1 row in set (0.00 sec)
mysql> SHOW GRANTS FOR sensor1 at 192.168.0.1
-> ;
+-------------------------------------------------------------------------------
-------+
| Grants for sensor1 at 192.168.0.1
|
+-------------------------------------------------------------------------------
-------+
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON `snort`.* TO
'sensor1'@'192.16
8.0.1' |
+-------------------------------------------------------------------------------
-------+
1 row in set (0.00 sec)
mysql>
Soo then the intructions say connect to the LINUX machine from WINDOWS
machine using PUTTY and PORT 22 Soo here is what i plug into PUTTY
IP: 142.173.77.22 Port 22
login as: root
password: rootpassword
Then i run this command
snort-mysql+flexresp -v -c /etc/snort/snort.conf
I get this error:
database: mysql_error: Can't connect to MySQL server on '192.168.0.69' (110)
Fatal Error, Quitting..
Can you see whats wrong yet? with my settings? Maybe i got the ip address
messed up i cant tell..any help from that?? Thanks again for any help
>From: "Wil McGilvery" <wmcgilvery at lynch.ca>
>Reply-To: linux-users at linux-sxs.org
>To: <linux-users at linux-sxs.org>
>Subject: RE: Access denied for user: '@192.168.0.1' -SNORT-
>Date: Mon, 10 Feb 2003 21:17:52 -0500
>
>I am really very sorry for my poor typing skills.
>
>I omitted one very important thing - every mysql command ends in ';'
>
>Therefore SHOW DATABASE should be SHOW DATABASE;
>
>The SHOW GRANTS should be SHOW GRANTS FOR sensor1 at localhost; (or ip
>address)
>
>My apologies for this mistake.
>
>Regards,
>
>Wil McGilvery
>Manager, Digital Media
>
>
>
>416-744-7191
>416-716-3964 (cell)
>1-888-622-3729
>416-744-0406 FAX
>www.LynchDigital.com
>
>
>-----Original Message-----
>From: mike Hughes [mailto:mikehughes013 at hotmail.com]
>Sent: Monday, February 10, 2003 6:25 PM
>To: linux-users at linux-sxs.org
>Subject: RE: Access denied for user: '@192.168.0.1' -SNORT-
>
>Ok from my "windows machine (management)" i ran these commands and here is
>the output:
>
>C:\mysql\bin>mysql -u sensor1 -p snort
>Enter password:
>Welcome to the MySQL monitor. Commands end with ; or \g.
>Your MySQL connection id is 1 to server version: 3.23.55-nt
>
>Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
>
>mysql> SHOW DATABASE
> ->
>
>mysql> SHOW GRANTS
> ->
>
>This shouldnt be like this im guessing? ;( HOw can i fix this?
>
>
>
>
>
>
>
> >From: "Wil McGilvery" <wmcgilvery at lynch.ca>
> >Reply-To: linux-users at linux-sxs.org
> >To: <linux-users at linux-sxs.org>
> >Subject: RE: Access denied for user: '@192.168.0.1' -SNORT-
> >Date: Mon, 10 Feb 2003 16:40:02 -0500
> >
> >I believe the syntax is the same regardless of what O/S you have.
> >
> >Have you tried connecting from your shell?
> >
> >shell> mysql -u (user_name) -p (name of database use mysql or test)
> >
> ><enter password when prompted or leave blank if no password>
> >
> >To see your databases use ..
> >
> >mysql> SHOW DATABASES
> >
> >To see priviledges for sensor1@"ipaddress" use..
> >
> >mysql> SHOW GRANTS FOR sensor1@"ipaddress"
> >
> >I noticed that you used sensor1 at 172.42.64.11 when you granted privileges
> >and the snort error used @192.168.0.1. You may want to check this out.
> >
> >
> >There are some very good admin tools that will assist you in the
> >administration of mysql.
> >
> >Try:
> >
> >http://www.phpwizard.net/projects/phpMyAdmin/
> >
> >http://www.webyog.com/sqlyog/index.html
> >
> >HTH
> >
> >Regards,
> >
> >Wil McGilvery
> >Manager, Digital Media
> >
> >
> >
> >416-744-7191
> >416-716-3964 (cell)
> >1-888-622-3729
> >416-744-0406 FAX
> >www.LynchDigital.com
> >
> >
> >-----Original Message-----
> >From: Net Llama! [mailto:netllama at linux-sxs.org]
> >Sent: Monday, February 10, 2003 3:57 PM
> >To: linux-users at linux-sxs.org
> >Subject: RE: Access denied for user: '@192.168.0.1' -SNORT-
> >
> >I've never used mysql on a windoze box, so its really hard to say if what
> >you did was right or wrong.
> >
> >On Mon, 10 Feb 2003, mike Hughes wrote:
> > > Hey whats up?
> > >
> > > when i created the mysql database on my windows machine this is what i
> >did:
> > >
> > > cd c:\mysql\bin
> > >
> > > MySQL grant INSERT,SELECT,CREATE,DELETE on snort.* to snort;
> > >
> > > grant INSERT,SELECT,CREATE,DELETE on snort.* to sensor1 at 172.42.64.11;
> > >
> > > ## IS THIS right was it suppose to be named sensor1 at my inetrnet ip or
> >was it
> > > suppose to be named my LAN ip og my LINUX machine??
> > > Well then i did:
> > >
> > > exit
> > >
> > > MySQL -u snort snort < c:\SnortM\snortdb\create_mysql
> > >
> > > Exit ( To exit the shell window)
> > >
> > > >From: Net Llama! <netllama at linux-sxs.org>
> > > >Reply-To: linux-users at linux-sxs.org
> > > >To: linux-users at linux-sxs.org
> > > >Subject: RE: Access denied for user: '@192.168.0.1' -SNORT-
> > > >Date: Mon, 10 Feb 2003 10:30:44 -0500 (EST)
> > > >
> > > >In deed, that sounds like the problem to me as well. "@192.168.0.1"
> > > >sounds like a really strange name for a mysql user. You sure that
>you
> >set
> > > >it up properly?
> > > >
> > > >On Mon, 10 Feb 2003, Wil McGilvery wrote:
> > > >
> > > > > I am not an expert on snort, but it looks like the user that is
> >trying
> > > >to log onto your database does not have permission to access it.
> > > > >
> > > > > Have you tried to access your database with that user outside of
> >snort?
> > > > >
> > > > > www.mysql.com has very good documentation about setting up and
> > > >configuring a database.
> > > > >
> > > > >
> > > > > Wil McGilvery
> > > > > Manager, Digital Media
> > > > >
> > > > >
> > > > >
> > > > > 416-744-7191
> > > > > 416-716-3964 (cell)
> > > > > 1-888-622-3729
> > > > > 416-744-0406 FAX
> > > > > www.LynchDigital.com
> > > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: mike Hughes [mailto:mikehughes013 at hotmail.com]
> > > > > Sent: Monday, February 10, 2003 6:13 AM
> > > > > To: linux-users at linux-sxs.org
> > > > > Subject: Access denied for user: '@192.168.0.1' -SNORT-
> > > > >
> > > > > whaaats up guys...
> > > > >
> > > > > I have worked at this for a while now but cant figure it out...I
> >have
> > > >been
> > > > > trying to get snort working using this as my reference but am
>stuck
> >on
> > > >the
> > > > > send to last step HELP!
> > > > > here is my reference:
> > > > > http://www.sans.org/rr/intrusion/practical_guide.php
> > > > > Fragment Problems: 0
> > > > > telnet_decode arguments:
> > > > > Ports to decode telnet on: 21 23 25 119
> > > > > ERROR spp_arpspoof /etc/snort/snort.conf(39) => Cannot initialize
> > > > > arpspoof_detect_host without arpspoof
> > > > > database: compiled support for ( mysql )
> > > > > database: configured to use mysql
> > > > > database: database name = snort
> > > > > database: user = sensor1
> > > > > database: host = 192.168.0.69
> > > > > database: port = 3306
> > > > > database: sensor name = Sensor1
> > > > > database: detail level = full
> > > > > database: mysql_error: Access denied for user: '@192.168.0.1' to
> > > >database
> > > > > 'snort'
> > > > > Fatal Error, Quitting..
> > > > >
> > > > > How can i debug this and try to figure out what setting is
>wrong???
> > > > > Im a newbie to mysql soo im not too sure how to see those
>settings:
> >but
> > > >i
> > > > > followed the directions properly.
> >
> >--
> >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >Lonni J Friedman netllama at linux-sxs.org
> >Linux Step-by-step & TyGeMo http://netllama.ipfox.com
> >
> >_______________________________________________
> >Linux-users mailing list
> >Linux-users at linux-sxs.org
> >Unsubscribe/Suspend/Etc ->
> >http://www.linux-sxs.org/mailman/listinfo/linux-users
> >
> >_______________________________________________
> >Linux-users mailing list
> >Linux-users at linux-sxs.org
> >Unsubscribe/Suspend/Etc ->
> >http://www.linux-sxs.org/mailman/listinfo/linux-users
>
>
>_________________________________________________________________
>MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.
>http://join.msn.com/?page=features/virus
>
>_______________________________________________
>Linux-users mailing list
>Linux-users at linux-sxs.org
>Unsubscribe/Suspend/Etc ->
>http://www.linux-sxs.org/mailman/listinfo/linux-users
>
>_______________________________________________
>Linux-users mailing list
>Linux-users at linux-sxs.org
>Unsubscribe/Suspend/Etc ->
>http://www.linux-sxs.org/mailman/listinfo/linux-users
_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
More information about the Linux-users
mailing list