Access denied for user: '@192.168.0.1' -SNORT-
Wil McGilvery
wmcgilvery
Mon May 17 11:44:21 PDT 2004
Ok.
I will repeat that I am far form a snort/mysql guru, but this what I think you should try.
1) Try connecting to the lan address (192.168.0.1) using putty instead of the ethernet address. Are you working locally? If so you shouldn't need to use your exposed ip address. The show grants command shows permissions for sensor1 at 192.168.0.1. Does it also show permissions for sensor1 at 142.173.77.22?
2) Temporarily grant wide open access to sensor1 by using the command..
mysql> GRANT ALL PRIVILEGES ON *.* TO sensor1@'192.168.0.%'
-> IDENTIFIED BY 'enter password' WITH GRANT OPTION;
This will allow sensor1 to connect from any machine on your internal LAN.
I am pretty sure this is a permissions issue.
You can also try http://www.mysql.com/doc/en/Access_denied.html
Regards,
Wil McGilvery
Manager, Digital Media
416-744-7191
416-716-3964 (cell)
1-888-622-3729
416-744-0406? FAX
www.LynchDigital.com
-----Original Message-----
From: mike Hughes [mailto:mikehughes013 at hotmail.com]
Sent: Monday, February 10, 2003 9:34 PM
To: linux-users at linux-sxs.org
Subject: RE: Access denied for user: '@192.168.0.1' -SNORT-
Here is some real results: Ok im going to just give you all my interface ip
addys soo it might clear what im trying to do up:
Internet IP Linux Machine
eth0 - 142.173.77.22-
Linux Machine LAN interface
eth1 - 192.168.0.1 -
Windows Machine on my LAN
- 192.168.0.69 -
I installed all the packages on the linux machine that i was suppose to
folowing the reference but didnt do anything to MYSQL didnt touch any
setting just installed the RPM on the LINUX machine ONLY the WINDOWS machine
i have set users and database and stuff:
Here is the output of commands from my WINDOWS mysql:
mysql> SHOW DATABASES;
+----------+
| Database |
+----------+
| mysql |
| snort |
| test |
+----------+
3 rows in set (0.00 sec)
mysql> SHOW GRANTS FOR root at localhost
-> ;
+---------------------------------------------------------------------+
| Grants for root at localhost |
+---------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION |
+---------------------------------------------------------------------+
1 row in set (0.00 sec)
mysql> SHOW GRANTS FOR sensor1 at 192.168.0.1
-> ;
+-------------------------------------------------------------------------------
-------+
| Grants for sensor1 at 192.168.0.1
|
+-------------------------------------------------------------------------------
-------+
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON `snort`.* TO
'sensor1'@'192.16
8.0.1' |
+-------------------------------------------------------------------------------
-------+
1 row in set (0.00 sec)
mysql>
Soo then the intructions say connect to the LINUX machine from WINDOWS
machine using PUTTY and PORT 22 Soo here is what i plug into PUTTY
IP: 142.173.77.22 Port 22
login as: root
password: rootpassword
Then i run this command
snort-mysql+flexresp -v -c /etc/snort/snort.conf
I get this error:
database: mysql_error: Can't connect to MySQL server on '192.168.0.69' (110)
Fatal Error, Quitting..
Can you see whats wrong yet? with my settings? Maybe i got the ip address
messed up i cant tell..any help from that?? Thanks again for any help
>From: "Wil McGilvery" <wmcgilvery at lynch.ca>
>Reply-To: linux-users at linux-sxs.org
>To: <linux-users at linux-sxs.org>
>Subject: RE: Access denied for user: '@192.168.0.1' -SNORT-
>Date: Mon, 10 Feb 2003 21:17:52 -0500
>
>I am really very sorry for my poor typing skills.
>
>I omitted one very important thing - every mysql command ends in ';'
>
>Therefore SHOW DATABASE should be SHOW DATABASE;
>
>The SHOW GRANTS should be SHOW GRANTS FOR sensor1 at localhost; (or ip
>address)
>
>My apologies for this mistake.
>
>Regards,
>
>Wil McGilvery
>Manager, Digital Media
>
>
>
>416-744-7191
>416-716-3964 (cell)
>1-888-622-3729
>416-744-0406? FAX
>www.LynchDigital.com
>
>
>-----Original Message-----
>From: mike Hughes [mailto:mikehughes013 at hotmail.com]
>Sent: Monday, February 10, 2003 6:25 PM
>To: linux-users at linux-sxs.org
>Subject: RE: Access denied for user: '@192.168.0.1' -SNORT-
>
>Ok from my "windows machine (management)" i ran these commands and here is
>the output:
>
>C:\mysql\bin>mysql -u sensor1 -p snort
>Enter password:
>Welcome to the MySQL monitor. Commands end with ; or \g.
>Your MySQL connection id is 1 to server version: 3.23.55-nt
>
>Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
>
>mysql> SHOW DATABASE
> ->
>
>mysql> SHOW GRANTS
> ->
>
>This shouldnt be like this im guessing? ;( HOw can i fix this?
>
>
>
>
>
>
>
> >From: "Wil McGilvery" <wmcgilvery at lynch.ca>
> >Reply-To: linux-users at linux-sxs.org
> >To: <linux-users at linux-sxs.org>
> >Subject: RE: Access denied for user: '@192.168.0.1' -SNORT-
> >Date: Mon, 10 Feb 2003 16:40:02 -0500
> >
> >I believe the syntax is the same regardless of what O/S you have.
> >
> >Have you tried connecting from your shell?
> >
> >shell> mysql -u (user_name) -p (name of database use mysql or test)
> >
> ><enter password when prompted or leave blank if no password>
> >
> >To see your databases use ..
> >
> >mysql> SHOW DATABASES
> >
> >To see priviledges for sensor1@"ipaddress" use..
> >
> >mysql> SHOW GRANTS FOR sensor1@"ipaddress"
> >
> >I noticed that you used sensor1 at 172.42.64.11 when you granted privileges
> >and the snort error used @192.168.0.1. You may want to check this out.
> >
> >
> >There are some very good admin tools that will assist you in the
> >administration of mysql.
> >
> >Try:
> >
> >http://www.phpwizard.net/projects/phpMyAdmin/
> >
> >http://www.webyog.com/sqlyog/index.html
> >
> >HTH
> >
> >Regards,
> >
> >Wil McGilvery
> >Manager, Digital Media
> >
> >
> >
> >416-744-7191
> >416-716-3964 (cell)
> >1-888-622-3729
> >416-744-0406? FAX
> >www.LynchDigital.com
> >
> >
> >-----Original Message-----
> >From: Net Llama! [mailto:netllama at linux-sxs.org]
> >Sent: Monday, February 10, 2003 3:57 PM
> >To: linux-users at linux-sxs.org
> >Subject: RE: Access denied for user: '@192.168.0.1' -SNORT-
> >
> >I've never used mysql on a windoze box, so its really hard to say if what
> >you did was right or wrong.
> >
> >On Mon, 10 Feb 2003, mike Hughes wrote:
> > > Hey whats up?
> > >
> > > when i created the mysql database on my windows machine this is what i
> >did:
> > >
> > > cd c:\mysql\bin
> > >
> > > MySQL grant INSERT,SELECT,CREATE,DELETE on snort.* to snort;
> > >
> > > grant INSERT,SELECT,CREATE,DELETE on snort.* to sensor1 at 172.42.64.11;
> > >
> > > ## IS THIS right was it suppose to be named sensor1 at my inetrnet ip or
> >was it
> > > suppose to be named my LAN ip og my LINUX machine??
> > > Well then i did:
> > >
> > > exit
> > >
> > > MySQL -u snort snort < c:\SnortM\snortdb\create_mysql
> > >
> > > Exit ( To exit the shell window)
> > >
> > > >From: Net Llama! <netllama at linux-sxs.org>
> > > >Reply-To: linux-users at linux-sxs.org
> > > >To: linux-users at linux-sxs.org
> > > >Subject: RE: Access denied for user: '@192.168.0.1' -SNORT-
> > > >Date: Mon, 10 Feb 2003 10:30:44 -0500 (EST)
> > > >
> > > >In deed, that sounds like the problem to me as well. "@192.168.0.1"
> > > >sounds like a really strange name for a mysql user. You sure that
>you
> >set
> > > >it up properly?
> > > >
> > > >On Mon, 10 Feb 2003, Wil McGilvery wrote:
> > > >
> > > > > I am not an expert on snort, but it looks like the user that is
> >trying
> > > >to log onto your database does not have permission to access it.
> > > > >
> > > > > Have you tried to access your database with that user outside of
> >snort?
> > > > >
> > > > > www.mysql.com has very good documentation about setting up and
> > > >configuring a database.
> > > > >
> > > > >
> > > > > Wil McGilvery
> > > > > Manager, Digital Media
> > > > >
> > > > >
> > > > >
> > > > > 416-744-7191
> > > > > 416-716-3964 (cell)
> > > > > 1-888-622-3729
> > > > > 416-744-0406? FAX
> > > > > www.LynchDigital.com
> > > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: mike Hughes [mailto:mikehughes013 at hotmail.com]
> > > > > Sent: Monday, February 10, 2003 6:13 AM
> > > > > To: linux-users at linux-sxs.org
> > > > > Subject: Access denied for user: '@192.168.0.1' -SNORT-
> > > > >
> > > > > whaaats up guys...
> > > > >
> > > > > I have worked at this for a while now but cant figure it out...I
> >have
> > > >been
> > > > > trying to get snort working using this as my reference but am
>stuck
> >on
> > > >the
> > > > > send to last step HELP!
> > > > > here is my reference:
> > > > > http://www.sans.org/rr/intrusion/practical_guide.php
> > > > > Fragment Problems: 0
> > > > > telnet_decode arguments:
> > > > > Ports to decode telnet on: 21 23 25 119
> > > > > ERROR spp_arpspoof /etc/snort/snort.conf(39) => Cannot initialize
> > > > > arpspoof_detect_host without arpspoof
> > > > > database: compiled support for ( mysql )
> > > > > database: configured to use mysql
> > > > > database: database name = snort
> > > > > database: user = sensor1
> > > > > database: host = 192.168.0.69
> > > > > database: port = 3306
> > > > > database: sensor name = Sensor1
> > > > > database: detail level = full
> > > > > database: mysql_error: Access denied for user: '@192.168.0.1' to
> > > >database
> > > > > 'snort'
> > > > > Fatal Error, Quitting..
> > > > >
> > > > > How can i debug this and try to figure out what setting is
>wrong???
> > > > > Im a newbie to mysql soo im not too sure how to see those
>settings:
> >but
> > > >i
> > > > > followed the directions properly.
> >
> >--
> >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >Lonni J Friedman netllama at linux-sxs.org
> >Linux Step-by-step & TyGeMo http://netllama.ipfox.com
> >
> >_______________________________________________
> >Linux-users mailing list
> >Linux-users at linux-sxs.org
> >Unsubscribe/Suspend/Etc ->
> >http://www.linux-sxs.org/mailman/listinfo/linux-users
> >
> >_______________________________________________
> >Linux-users mailing list
> >Linux-users at linux-sxs.org
> >Unsubscribe/Suspend/Etc ->
> >http://www.linux-sxs.org/mailman/listinfo/linux-users
>
>
>_________________________________________________________________
>MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.
>http://join.msn.com/?page=features/virus
>
>_______________________________________________
>Linux-users mailing list
>Linux-users at linux-sxs.org
>Unsubscribe/Suspend/Etc ->
>http://www.linux-sxs.org/mailman/listinfo/linux-users
>
>_______________________________________________
>Linux-users mailing list
>Linux-users at linux-sxs.org
>Unsubscribe/Suspend/Etc ->
>http://www.linux-sxs.org/mailman/listinfo/linux-users
_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
_______________________________________________
Linux-users mailing list
Linux-users at linux-sxs.org
Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users
More information about the Linux-users
mailing list