[stunnel-users] MySQL client issue

Sat Aug 13 00:39:27 CEST 2005

I keep reading that people are able to connect snort to their remote MySQL database using Stunnel.  The mysqlclient on the client machine uses a random port outbound to 3306 on the remote MySQL host.  I have seen many posts of the same configuration on how to send the MySQL data through stunnel but how can the config be true? I used the same config that is listed below and of course I connect just fine but that is because Snort sends to my remote MySQL database through mysqlclient outbound on a random port inbound to 3306 on the remote MySQL server and the data gets sent.  Do people think that because the data is sent that it went through Stunnel?  If you put a firewall up and block all ports but 3307 on both hosts which is used in these configs, the packet will never leave the client host because if you set logging on your firewall you will see that the connection is not trying to go out over port 3307 it is trying to go out over a random port.  Is there actually a way to bind
 mysqlclient to a port in order for me to use Stunnel?  Also I don't see a way that Stunnel could trap the random port and then begin to encrypt using that random port.  I am suprised, either I am missing something or all these people actually think the data they are sending is encrypted.

--Client--
; Use it for client mode
client = yes
; Service-level configuration
[mysqls]
accept  = 3306
connect = SQLserver:3307

--Server--
[mysqls]
accept  = 3307
connect = 3306

---------------------------------
 Start your day with Yahoo! - make it your home page 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20050812/39cbdc92/attachment.html>