Snort mailing list archives

RE: Access denied for user: '@192.168.0.1' -SNORT-


From: "mike Hughes" <mikehughes013 () hotmail com>
Date: Mon, 10 Feb 2003 18:43:59 -0800

Here are some real results. OK, I'm going to give you all my interface IP addresses so it might clear up what I'm trying to do:

Internet IP Linux Machine
Eth0 - 142.173.77.22-

Linux Machine LAN interface
Eth1 - 192.168.0.1 -

Windows Machine on my LAN
- 192.168.0.69 -

I installed all the packages on the Linux machine that I was supposed to, following the reference, but didn't do anything to MYSQL on the LINUX; just installed the RPMS and didn't touch any settings on the LINUX machine. Only on the WINDOWS machine I have set users and stuff:

Here is the output of commands from my WINDOWS mysql:
mysql> SHOW DATABASES;
+----------+
| Database |
+----------+
| mysql |
| snort |
| test |
+----------+
3 rows in set (0.00 sec)

mysql> SHOW GRANTS FOR root@localhost
-> ;
+---------------------------------------------------------------------+
| Grants for root@localhost |
+---------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION |
+---------------------------------------------------------------------+
1 row in set (0.00 sec)

mysql> SHOW GRANTS FOR sensor1@192.168.0.1
-> ;
+--------------------------------------------------------------------------------------+
| Grants for sensor1@192.168.0.1                                                       |
+--------------------------------------------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON `snort`.* TO 'sensor1'@'192.168.0.1' |
+--------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

mysql>

So then the instructions say to connect to the LINUX machine from the WINDOWS machine using PuTTY and PORT 22. So here is what I plug into PuTTY:
IP: 142.173.77.22 Port 22
login as: root
password: rootpassword

Then I run this command:

snort-mysql+flexresp -v -c /etc/snort/snort.conf

I get this error:


database: mysql_error: Can't connect to MySQL server on '192.168.0.69' (110)
Fatal Error, Quitting..

Can you see what's wrong yet with my settings? Maybe I got the IP address messed up, I can't tell... Any help from that? Thanks again for any help.







From: "Schmehl, Paul L" <pauls () utdallas edu>
To: "mike Hughes" <mikehughes013 () hotmail com>
Subject: RE: [Snort-users] Access denied for user: '@192.168.0.1' -SNORT-
Date: Mon, 10 Feb 2003 19:51:10 -0600

Is mysql running?  Any errors in /var/log/messages?  If mysql is
running, any errors in /var/db/mysql/hostname.err?

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member


-----Original Message-----
From: mike Hughes [mailto:mikehughes013 () hotmail com]
Sent: Monday, February 10, 2003 6:38 PM
To: Schmehl, Paul L
Subject: RE: [Snort-users] Access denied for user: '@192.168.0.1' -SNORT-

OK, when I connect to the Linux (192.168.0.1 LAN INTERFACE) machine from my
management machine Windows (192.168.0.69) using PuTTY port 22, I log on to
eth0 on my Linux machine (142.178.22.12) as root, then running this command:

snort-mysql+flexresp -v -c /etc/snort/snort.conf

I get this error:


database: mysql_error: Can't connect to MySQL server on '192.168.0.69' (110)
Fatal Error, Quitting..

Can you see what's wrong yet with my settings?
See, my Linux machine has Snort installed on it... and my Windows machine is
managing... Do I have to set anything on MySQL on the Linux machine too?
Because I didn't do anything to that... because the manual didn't mention
to... So I hope that clears things up for you to see what I'm trying to do!
Thanks for your help!!!







>From: "Schmehl, Paul L" <pauls () utdallas edu>
>To: "mike Hughes" <mikehughes013 () hotmail com>, <Snort-users () lists sourceforge net>
>Subject: RE: [Snort-users] Access denied for user: '@192.168.0.1' -SNORT-
>Date: Mon, 10 Feb 2003 18:16:53 -0600
>
>mysql> SHOW DATABASE
>     ->
>     xxxx
>The -> is telling you that the command isn't finished.  You need a
>semi-colon.  Also, it's DATABASE*S*, not DATABASE.
>
>  mysql> show DATABASES;
>+---------------------+
>| Database            |
>+---------------------+
>| mysql               |
>| snort               |
>| snort_archive_FEB03 |
>+---------------------+
>3 rows in set (0.00 sec)
>
>What is "SHOW GRANTS"?  The proper command is "SHOW GRANTS for
>xxx$hostname", for example:
>
>mysql> SHOW GRANTS FOR root@localhost
>     -> ;
>+-------------------------------------------------------------------------------------------------------+
>| Grants for root@localhost                                                                             |
>+-------------------------------------------------------------------------------------------------------+
>| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD 'xxxxxxxx' WITH GRANT OPTION |
>+-------------------------------------------------------------------------------------------------------+
>1 row in set (0.01 sec)
>
>There is an excellent online manual at
>http://www.mysql.com/doc/en/index.html.
>
>Paul Schmehl (pauls () utdallas edu)
>Adjunct Information Security Officer
>The University of Texas at Dallas http://www.utdallas.edu/~pauls/
>AVIEN Founding Member
>
>
>-----Original Message-----
>From: mike Hughes [mailto:mikehughes013 () hotmail com]
>Sent: Monday, February 10, 2003 5:28 PM
>To: Snort-users () lists sourceforge net
>Subject: Re: [Snort-users] Access denied for user: '@192.168.0.1'
>-SNORT-
>
>
>OK, from my "windows machine (management)" I ran these commands and here
>is the output:
>
>C:\mysql\bin>mysql -u sensor1 -p snort
>Enter password:
>Welcome to the MySQL monitor.  Commands end with ; or \g.
>Your MySQL connection id is 1 to server version: 3.23.55-nt
>
>Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
>
>mysql> SHOW DATABASE
>    ->
>
>mysql> SHOW GRANTS
>    ->
>
>This shouldn't be like this, I'm guessing? ;( How can I fix this?
>
>
>
>
>
>
>
> >From: "Kenneth G. Arnold" <bkarnold () cbu edu>
> >To: Snort-users () lists sourceforge net
> >Subject: Re: [Snort-users] Access denied for user: '@192.168.0.1' -SNORT-
> >Date: Mon, 10 Feb 2003 15:38:35 -0600
> >
> >It looks like the host where this snort process is trying to run does
> >not have write access to the mysql database located at 192.168.0.69
> >connecting as user sensor1.  Is 192.168.0.1 the host where snort is
> >actually running? I am confused as to why the error message doesn't
> >mention user sensor1@192.168.0.1 if that is the case.  There doesn't
> >appear to be a user specified in the error message yet the log shows
> >that it knows the user is sensor1.  Anyway, you need to make sure that
> >the MySQL database has write permission for user sensor1 connecting
> >from 192.168.0.1 (or wherever your snort machine is located).  Page 19
> >of the Snort Installation Manual for Snort, MySQL and ACID on Redhat
> >7.3 describes how to do this for a user snort from both the localhost
> >and from all hosts. I would recommend that you only allow access from
> >the specific hosts that need it. That documentation is located at
> >http://www.snort.org/docs/snort-rh7-mysql-ACID-1-5.pdf
> >
> >Ken
> >
> >At 12:46 PM 2/10/03 -0800, mike Hughes wrote:
> >>What's up guys... I am following this as my reference:
> >>http://www.sans.org/rr/intrusion/practical_guide.php
> >>I'm on the second to last step and am stuck and can't figure it
> >>out... I'm a noob to MySQL too. I'm getting this error:
> >>database: mysql_error: Access denied for user: '@192.168.0.1' to database 'snort'
> >>Fatal Error, Quitting..
> >
> >
> >
> >-------------------------------------------------------
> >This SF.NET email is sponsored by:
> >SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
> >http://www.vasoftware.com
> >_______________________________________________
> >Snort-users mailing list
> >Snort-users () lists sourceforge net
> >Go to this URL to change user options or unsubscribe:
> >https://lists.sourceforge.net/lists/listinfo/snort-users
> >Snort-users list archive:
> >http://www.geocrawler.com/redir-sf.php3?list=snort-users
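Added example, not part of the original thread: a small Python triage for the two Snort database errors quoted above. It separates a network failure (errno 110) from an account or grant problem and checks the quoted SHOW GRANTS rows using MySQL host-pattern matching. The function names and the configured user "sensor1" are assumptions; netmask host patterns are not handled.

```python
import re

# Linux errno values the MySQL client appends to "Can't connect" errors.
ERRNO_HINT = {110: "timed out (ETIMEDOUT)", 111: "was refused (ECONNREFUSED)"}

def parse_grant(row):
    """Extract privileges, database, user and host from one SHOW GRANTS row."""
    m = re.search(r"GRANT (.+?) ON `?([^`.\s]+)`?\.\* TO '([^']*)'@'([^']*)'", row)
    privs = {p.strip() for p in m.group(1).split(",")}
    return {"privs": privs, "db": m.group(2), "user": m.group(3), "host": m.group(4)}

def host_matches(pattern, client):
    """MySQL host patterns: % matches any run of characters, _ exactly one."""
    rx = "".join(".*" if c == "%" else "." if c == "_" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, client, re.IGNORECASE) is not None

def grant_covers(g, user, src, db):
    """True if grant g lets `user` connecting from `src` write events to `db`."""
    can_write = "ALL PRIVILEGES" in g["privs"] or {"SELECT", "INSERT"} <= g["privs"]
    return (g["user"] == user and g["db"] in (db, "*")
            and host_matches(g["host"], src) and can_write)

def triage(error, grants, conf_user, db):
    """Classify a Snort database-plugin error as a network or an account problem."""
    m = re.search(r"Can't connect to MySQL server on '([^']+)' \((\d+)\)", error)
    if m:
        why = ERRNO_HINT.get(int(m.group(2)), "failed")
        return f"network: TCP connect to {m.group(1)} {why}; grants never checked"
    m = re.search(r"Access denied for user: '([^'@]*)@([^']+)'", error)
    if not m:
        return "unknown"
    user, src = m.groups()
    if user != conf_user:
        return f"account: server saw user '{user}' from {src}, expected '{conf_user}'"
    if any(grant_covers(g, user, src, db) for g in grants):
        return "account: grant exists, check the password"
    return f"account: no usable grant for {user}@{src}"

# Rows and errors as quoted in the thread; conf user "sensor1" is an assumption.
GRANTS = [parse_grant(r) for r in (
    "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION",
    "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON `snort`.* TO 'sensor1'@'192.168.0.1'",
)]
ERR_DENIED = "database: mysql_error: Access denied for user: '@192.168.0.1' to database 'snort'"
ERR_TIMEOUT = "database: mysql_error: Can't connect to MySQL server on '192.168.0.69' (110)"

if __name__ == "__main__":
    for err in (ERR_DENIED, ERR_TIMEOUT):
        print(triage(err, GRANTS, "sensor1", "snort"))
```

A wildcard row such as 'sensor1'@'192.168.0.%' would also satisfy `host_matches` for the sensor, which is why the narrower single-host grant recommended in the thread is the tighter choice.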