TheBattleship

Sorry to plug a M$ product, but this tool can be quite handy when disinfecting a client's computer: http://technet.microsoft.com/en-gb/sysinte...s/bb897445.aspx

After various tests, I configured IPSec to drop packets to the port that MySQL was running on, if they came from the internet NIC (as the application that required MySQL didn't need to be accessed from outside the network. Thanks for everyone's help! Matt

Done. By the looks of it, he's still trying(!) I also identified the ISP and sent an abuse email to them.

The image: http://senduit.com/b716ff (Forum software doesn't let you post links on your first post.)

Hi Guys, I run a Windows 2003 Server (no flaming please – it’s part of the job!), which hosts various websites and forums. Recently, I decided to install Cain and Able on it just to see what unencrypted traffic was being passed through (ie bad coding). Unfortunately, this is what I discovered [next post]. I’m not overly concerned, because although I am running a MySQL server, the “root” account isn’t actually called “root”. How can I stop this “attack” from happening and using up bandwidth and clock cycles? Cheers, Matt