GEN:SID 1:1776
Message MYSQL show databases attempt
Summary This event is generated when an attempt is made to use the MySQL 'show' command to garner a list of databases.
Impact Intelligence gathering. This may be the prelude to an attack against one the databases or the MySQL daemon.
Detailed Information This event is generated when the MySQL command 'show' is used to garner a list of MySQL databases being served by the MySQL daemon.

This connection can either be a legitimate telnet connection or the result of spawning a remote shell as a consequence of a successful network exploit.
Affected Systems  
Attack Scenarios A MySQL implementation may inappropriately respond to connections from any host external to the protected network. The atttacker may be able to query the daemon to gain a list of databases available, then continue to garner information from the databases.
Ease of Attack Simple.
Corrective Action Ensure that this event was not generated by a legitimate session then investigate the server for signs of compromise

Look for other events generated by the same IP addresses.
Additional References