EN
Русский
TCP
Dangerous
Database
Port 3306 (MySQL)
Learn about port 3306 (MySQL) - security risks, vulnerabilities, and common uses. Find devices with port 3306 open.
Quick Info
Port Number
3306
Protocol
TCP
Service
MySQL
IANA Name
MySQL
Service Description
TCP port 3306 is the standard port used for the MySQL database system. It's primarily utilized for client-server communication, allowing applications and users to connect to and interact with the MySQL database server. The protocol involved is the MySQL Client/Server Protocol, a binary protocol that defines how clients communicate with the MySQL server. This includes authentication, query execution, result set transfer, and other database operations. The protocol begins with a handshake process where the server identifies itself and its capabilities, and the client authenticates itself using credentials. Subsequently, the client sends SQL queries to the server, which parses, optimizes, and executes them, returning the results to the client.
At a technical level, the MySQL server listens on port 3306 for incoming TCP connections. When a client connects, a dedicated thread or process is spawned on the server to handle the client's requests. The MySQL protocol handles the efficient transfer of data, including large result sets, by using packet-based communication. The protocol also supports various features like SSL/TLS encryption for secure communication, compression to reduce bandwidth usage, and prepared statements to optimize query execution. The protocol is designed for both local and remote access, making it a ubiquitous port for database applications.
## Firewall Recommendations
Generally, port 3306 should be blocked from external access unless absolutely necessary. If remote access is required, use a VPN or SSH tunnel to encrypt and secure the connection. Implement strong passwords and multi-factor authentication for all database users. Regularly update the MySQL server software to patch security vulnerabilities. Configure the firewall to only allow connections from trusted IP addresses or networks. Consider using a web application firewall (WAF) to protect against SQL injection attacks. It's also recommended to change the default port (3306) if possible, although this is more of an obscurity measure than a true security enhancement. Regularly audit and monitor database access logs to detect suspicious activity.
At a technical level, the MySQL server listens on port 3306 for incoming TCP connections. When a client connects, a dedicated thread or process is spawned on the server to handle the client's requests. The MySQL protocol handles the efficient transfer of data, including large result sets, by using packet-based communication. The protocol also supports various features like SSL/TLS encryption for secure communication, compression to reduce bandwidth usage, and prepared statements to optimize query execution. The protocol is designed for both local and remote access, making it a ubiquitous port for database applications.
## Firewall Recommendations
Generally, port 3306 should be blocked from external access unless absolutely necessary. If remote access is required, use a VPN or SSH tunnel to encrypt and secure the connection. Implement strong passwords and multi-factor authentication for all database users. Regularly update the MySQL server software to patch security vulnerabilities. Configure the firewall to only allow connections from trusted IP addresses or networks. Consider using a web application firewall (WAF) to protect against SQL injection attacks. It's also recommended to change the default port (3306) if possible, although this is more of an obscurity measure than a true security enhancement. Regularly audit and monitor database access logs to detect suspicious activity.
Security Information
Port 3306 is a significant target for attackers because it provides direct access to the database, which often contains sensitive data. Common attack vectors include brute-force attacks against weak or default credentials, SQL injection vulnerabilities in applications that interact with the database, and exploiting known vulnerabilities in the MySQL server software itself. If the port is exposed to the internet without proper security measures, attackers can attempt to gain unauthorized access to the database, potentially leading to data breaches, data manipulation, or denial-of-service attacks. Furthermore, older versions of MySQL may have known vulnerabilities that attackers can exploit. Misconfigurations, such as allowing remote root access or using default passwords, dramatically increase the risk.
Known Vulnerabilities
| CVE | Name | Severity | Description |
|---|---|---|---|
| CVE-2016-6662 | MySQL Remote Root Code Execution Vulnerability | Critical | A vulnerability in MySQL that allows remote attackers to execute arbitrary code with root privileges via a crafted SQL query. |
| CVE-2012-5615 | MySQL Authentication Bypass Vulnerability | High | An authentication bypass vulnerability exists in MySQL that allows attackers to bypass authentication by exploiting a timing issue in the password hashing algorithm. |
| CVE-2015-3152 | MySQL Information Disclosure Vulnerability | Medium | A vulnerability in MySQL that allows attackers to disclose sensitive information by exploiting a flaw in the handling of temporary files. |
| CVE-2018-1285 | MySQL DoS Vulnerability | Medium | A vulnerability in MySQL that allows attackers to cause a denial-of-service by exploiting a flaw in the handling of certain SQL queries. |
Common Software
- MySQL Server
- MariaDB Server
- phpMyAdmin
- MySQL Workbench
- Navicat
- DBeaver
- HeidiSQL
- Sequel Pro
Find devices with this port
Discover all devices with port 3306 open in any country.
Search Port 3306Find all devices with port 3306 open
ScaniteX scans millions of IPs to find devices with specific ports open. Perfect for security research and network auditing.
Start Mass Scanning