In a set of blog posts I will explain to you how different
attacks on the network traffic of MySQL look like and what you
can do to secure your systems againt these kinds of attacks.
How to gain access
To gain access to MySQL network traffic you can use tcpdump,
dumpcap, snoop or whatever the tool to capture network packets on
your OS is. This can be on any device which is part of the
connnection: the server, the client, routers, switches, etc.
Besides application-to-database traffic this attack can also be
done on replication traffic.
This allows you to extract queries and result sets.
The default password hash type [Read more]
uses a nonce to protect against password sniffing. But when you
change a password this will be sent accross the wire by default.
Note that MySQL 5.6 and newer has …