I think most people gain access to the MySQL databases through a weak exploitable [usually PHP] script. It's usually the script that has a hole, and if the script had superuser access to MySQL then it's hacked. Otherwise I think maybe restrict IP address from remote IP to only a few approved IPs using a firewall or packet filter so that nobody can try a brute force on your MySQL. Just off the top of my head, I'm sure there are articles on the net covering all this.
Well, the MySQL database is behind two firewalls. One is in front of the web servers and one is between the web servers and database server. The problem I ran into is for some reason while MySQL is only locked down to that bank of web servers, for some reason, that MySQL database made some random requests back to the web servers from port 3306. Very odd.
What's odd about it? 3306 is the port that MySQL uses for remote connects. Are you saying it's out of order that the requests are being made?
What is odd is that we block everything, going and coming. While receiving port 3306 isn't strange as that is MySQL, for some reason for a 5-minute period, port 3306 from the db was making requests to the web servers, random ports in the 60K+, very strange.