Re: Question regarding Oracle listener port change

From: Mladen Gogala <gogala.mladen_at_gmail.com>
Date: Sat, 13 Apr 2019 14:51:05 -0400
Message-ID: <b0e52661-f860-74ab-7913-7f3fc424c0a7_at_gmail.com>



The Linux nmap command will reveal exposed ports below 9999. It can go even higher, but that needs to be specified on the command line. Once the hackers find the port 1521, they can try an assortment of bugs to compromise the database. Oracle is regularly publishing them as CVE patches. After having dealt with several federal customers, I noticed that the databases are usually not patched in a timely fashion. That means that there are quite a few bugs that can be used to gain connection privilege and maybe even escalate it to the DBA level. That is usually done by guessing somebody's password. I am still seeing stickies with something that is obviously a generated password. Other than that, social engineering is still the best way to get into somebody's computer. Computers have evolved rapidly in the last 70 years, but humans have not.

On 4/5/19 10:01 AM, Bill Ferguson wrote:
> I tried using a different port roughly 10 years back, and the rest of
> my organization really got their feathers ruffled, and I finally had
> to switch it back to 1521. The overwhelming majority of "DBA's" within
> my Federal Government organization, don't know anything about Oracle,
> like most of their software, and install everything with the defaults.
> I've tried getting the higher level "management" to issue a few basic
> security mandates about changing the ports, not installing with (or at
> least de-activating) default settings, etc., and it just falls on deaf
> ears. When I try doing a mass email to alert the other Oracle "DBA's",
> I'd usually get an official slap on the wrist and told to quit rocking
> the boat.
>
> Anyway, I think this is a huge part of the problem with security of
> Government databases. The people that brown-nosed their way into the
> positions where they can dictate the policy and direction of the
> organization have absolutely no idea of what they were placed in charge of,
> and what would be the most common-sense way of approaching the issue.
> But it is partly because of these security failures that I never
> mention which Department or Agency I work for. It could possibly open
> us up to a more concentrated attack, and I also do not want any of my
> opinions to be considered as indicative of the official position or
> opinion of the group I work for (big legal headaches there).
>
> bill Ferguson
>
> On Thu, Mar 28, 2019 at 5:48 PM DRCDBA (Gmail) <drcdba_at_gmail.com
> <mailto:drcdba_at_gmail.com>> wrote:
>
> Personally I don't keep any database - internal or external facing
> - on port 1521.  Just don't like default settings I guess!
>
> On Mar 28, 2019, at 5:12 PM, Mark W. Farnham <mwf_at_rsiz.com
> <mailto:mwf_at_rsiz.com>> wrote:
>
>> I’m just curious.
>>
>> Doesn't everyone with a public network WAN change the 1521 port
>> and put a honey pot on 1521 to absorb attack vectors?
>>
>> Do folks actually leave it as 1521 for systems that allow
>> off-closed-campus access?
>>
>> mwf
>>
>> *From:*oracle-l-bounce_at_freelists.org
>> <mailto:oracle-l-bounce_at_freelists.org>
>> [mailto:oracle-l-bounce_at_freelists.org] *On Behalf Of *Rakesh Ra
>> *Sent:* Wednesday, March 27, 2019 9:18 AM
>> *To:* Shane Borden
>> *Cc:* Oracle-L Freelists
>> *Subject:* Re: Question regarding Oracle listener port change
>>
>> Hi All,
>>
>> Just to keep you all updated, the reason for port 1521 working
>> was that we had Teleran software installed which was internally
>> swapping the port from 1521 to 1621. Below is the snippet from
>> the Teleran logs.
>>
>> managettds.log:03/23/2019 20:05:19:589 TT03235 <INFO> (genericdb)
>> Connecting to Knowledge Base:
>> jdbc:oracle:thin:_at_//xxxxx-scan:1521/<SID>
>>
>> managettds.log:03/23/2019 20:05:29:312 TT00712 <INFO> (ttsystem)
>> Swapping Oracle port from 1521 to 1621
>>
>> Regards,
>>
>> Rakesh RA
>>
>> On Tue, Mar 26, 2019 at 5:32 PM Shane Borden <sborden76_at_gmail.com
>> <mailto:sborden76_at_gmail.com>> wrote:
>>
>> Did you change the ports on both the scan and the local
>> listener?  Update the database parameters and re-register?
>>
>> Shane Borden
>> sborden76_at_gmail.com <mailto:sborden76_at_gmail.com>
>> Sent from my iPhone
>>
>> > On Mar 26, 2019, at 7:50 AM, Rakesh Ra
>> <rakeshra.tr_at_gmail.com <mailto:rakeshra.tr_at_gmail.com>> wrote:
>> >
>> > Hi All,
>> >
>> > We have a full rack Exadata X5 server with an 11.2.0.4
>> version DB running on it. We changed the port number of the scan
>> and local listener from 1521 to 1621.
>> > I tried connecting to the database remotely using scan and
>> default service with port 1521, and the connection is going through.
>> I also tried connecting to the database using scan and
>> default service using port 1621 as well. With that also I am
>> able to connect. Should I ideally get my connection request
>> with port 1521 rejected with some TNS errors? Or is this
>> expected?
>> >
>> > Regards,
>> > Rakesh RA
>>
>
>
> --
> -- Bill Ferguson

-- 
Mladen Gogala
Database Consultant
Tel: (347) 321-1217
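The thread's underlying point is that moving the listener off 1521 does not hide it: an Oracle listener answers any TNS CONNECT with a packet that names its own version (the VSNNUM field), which is exactly what nmap's service detection keys on. The script below, added here as an illustration and not part of the oracle-l discussion or any poster's tooling, builds a TNS CONNECT packet from the publicly documented packet layout (8-byte header, 50-byte CONNECT body, connect descriptor at offset 58), parses the ACCEPT/REFUSE/REDIRECT reply and decodes VSNNUM into a dotted version. The REFUSE reply it parses offline is constructed to match the shape a listener returns for an unknown service name (ERR=12514) and is not a captured packet; the VSNNUM decoding (8-bit major, 4-bit minor, 4-bit maintenance, 8-bit patch, 8-bit port release) is assumed from published examples such as 169869568 = 10.2.0.1.0.

```python
"""Fingerprint an Oracle TNS listener from its CONNECT/REFUSE exchange, on any port."""
import re
import socket
import struct

TNS_TYPES = {1: "CONNECT", 2: "ACCEPT", 4: "REFUSE", 5: "REDIRECT", 6: "DATA", 11: "RESEND"}
CONNECT_DATA_OFFSET = 58  # 8-byte TNS header + 50-byte CONNECT body


def build_connect(connect_data: bytes) -> bytes:
    """Build a TNS CONNECT packet (type 1) carrying the given connect descriptor."""
    body = struct.pack(
        ">HHHHHHHHHHIBBII8s8s",
        0x0138,               # protocol version offered
        0x012C,               # oldest compatible version
        0x0000,               # service options
        0x0800,               # SDU
        0x7FFF,               # TDU
        0x4F98,               # NT protocol characteristics
        0x0000,               # line turnaround
        0x0001,               # byte-order probe: the value 1 in host order
        len(connect_data),    # length of connect data
        CONNECT_DATA_OFFSET,  # offset of connect data from packet start
        0x00000200,           # max receivable connect data
        0x01, 0x01,           # connect flags 0 / 1
        0, 0,                 # trace cross-facility items
        b"\x00" * 8,          # trace unique connection id
        b"\x00" * 8,          # unused
    )
    total = 8 + len(body) + len(connect_data)
    # header: packet length, packet checksum, type=CONNECT, reserved, header checksum
    header = struct.pack(">HHBBH", total, 0, 1, 0, 0)
    return header + body + connect_data


def decode_vsnnum(v: int) -> str:
    """Turn the numeric VSNNUM a listener reports into an Oracle version string."""
    return f"{(v >> 24) & 0xFF}.{(v >> 20) & 0xF}.{(v >> 16) & 0xF}.{(v >> 8) & 0xFF}.{v & 0xFF}"


def parse_response(pkt: bytes) -> dict:
    """Parse the TNS header of a reply and pull version/error details out of its text payload."""
    if len(pkt) < 8:
        raise ValueError("short TNS packet")
    length, _csum, ptype, _flags, _hcsum = struct.unpack(">HHBBH", pkt[:8])
    info = {"type": TNS_TYPES.get(ptype, f"UNKNOWN({ptype})"), "length": length}
    if ptype == 2:    # ACCEPT: negotiated protocol version follows the header
        info["tns_version"] = struct.unpack(">H", pkt[8:10])[0]
    elif ptype == 4:  # REFUSE: user reason, system reason, data length, then descriptor text
        _ureason, _sreason, dlen = struct.unpack(">BBH", pkt[8:12])
        info["text"] = pkt[12:12 + dlen].decode("ascii", "replace")
    elif ptype == 5:  # REDIRECT: data length, then the address to reconnect to
        dlen = struct.unpack(">H", pkt[8:10])[0]
        info["text"] = pkt[10:10 + dlen].decode("ascii", "replace")
    if "text" in info:
        m = re.search(r"VSNNUM=(\d+)", info["text"])
        if m:
            info["listener_version"] = decode_vsnnum(int(m.group(1)))
        m = re.search(r"\(ERR=(\d+)\)", info["text"])
        if m:
            info["error"] = int(m.group(1))
    return info


# Constructed sample reply (not a captured packet): what an 11.2.0.4 listener would send back
# when asked for a service it does not know (ORA-12514), with the version number included.
REFUSE_TEXT = (b"(DESCRIPTION=(TMP=)(VSNNUM=186647552)(ERR=12514)"
               b"(ERROR_STACK=(ERROR=(CODE=12514)(EMFI=4))))")
SAMPLE_REFUSE = (struct.pack(">HHBBH", 12 + len(REFUSE_TEXT), 0, 4, 0, 0)
                 + struct.pack(">BBH", 0x22, 0, len(REFUSE_TEXT))
                 + REFUSE_TEXT)


def fingerprint_sample() -> dict:
    """Offline run over the constructed reply; the same parser handles a live one."""
    return parse_response(SAMPLE_REFUSE)


def probe(host: str, port: int, timeout: float = 5.0) -> dict:
    """Send one CONNECT for a bogus service name to host:port and parse whatever comes back.
    Network call; use only against listeners you are responsible for."""
    descriptor = (f"(DESCRIPTION=(CONNECT_DATA=(SERVICE_NAME=probe.invalid)"
                  f"(CID=(PROGRAM=probe)(HOST=probe)(USER=probe)))"
                  f"(ADDRESS=(PROTOCOL=TCP)(HOST={host})(PORT={port})))").encode()
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_connect(descriptor))
        return parse_response(s.recv(4096))


if __name__ == "__main__":
    print(fingerprint_sample())
```

Whatever port the listener is moved to, a scanner that walks all 65535 ports (nmap -p- -sV) gets this reply and reads the version straight out of it, so the non-default port buys nothing against an attacker who is allowed to reach the socket at all. The controls that actually change the picture are the ones that stop the CONNECT arriving: a firewall in front of the listener, sqlnet.ora's tcp.validnode_checking / tcp.invited_nodes, and keeping up with the CPU patches Mladen mentions.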


--
http://www.freelists.org/webpage/oracle-l
Received on Sat Apr 13 2019 - 20:51:05 CEST
