Was this IP any of you? 'show tables' is not something that ASM generally does by itself; is usually a remote driven thing. It's one of the things someone trying to break into a DB who had gained a foothold would do, so I have an alert on it. -------- Original Message -------- Subject: Snort alert for mickaboo Date: Sat, 7 Feb 2009 13:40:01 -0800 (PST) From: root@mail.mickaboo.org (root) To: amuse@foofus.com 11789,11794d11788 < [**] [1:10000001:3] MYSQL show tables attempt [**] < [Classification: Mickaboo-Custom intrustion detection] [Priority: 1] < 02/07-13:36:43.427806 65.203.63.162:63486 -> 64.62.194.139:3306 < TCP TTL:120 TOS:0x0 ID:18744 IpLen:20 DgmLen:56 DF < ***AP*** Seq: 0x2FFEF58 Ack: 0xDE5396B6 Win: 0x21E6 TcpLen: 20 <