Re: Question regarding Oracle listener port change

  • From: Mladen Gogala <gogala.mladen@xxxxxxxxx>
  • To: oracle-l@xxxxxxxxxxxxx
  • Date: Sat, 13 Apr 2019 14:51:05 -0400

Linux nmap command will reveal exposed ports below 9999. It can go even higher, but that needs to specified on the command line. Once the hackers find the port 1521, they can try an assortment of bugs to compromise the database. Oracle is regularly publishing them as CVE patches. After having dealt with several federal customers, I noticed that the databases are usually not patched in timely fashion. That means that there quite a bugs that can be used to gain connection privilege and maybe even escalate it to the DBA level. That is usually done by guessing somebody's password.  I am still seeing stickies with something that is obviously a generated password. Other than that, social engineering is still the best way to get into somebody's computer. Computers have evolved rapidly in the last 70 years, but humans have not.

On 4/5/19 10:01 AM, Bill Ferguson wrote:

I tried using a different port roughly 10 years back, and the rest of my organization really got their feathers ruffled. and I finally had to switch it back to 1521. The overwhelming majority of "DBA's" within my Federal Government organization, don't know anything about Oracle, like most of their software, and install everything with the defaults. I've tried getting the higher level "management" to issue a few basic security mandates about changing the ports, not installing with (or at least de-activating) default settings, etc., and it just falls on deaf ears. When I try doing a mass email to alert the other Oracle "DBA's", I'd usually get an official slap on the wrist and told to quit rocking the boat.

Anyway, I think this is a huge part of the problem with security of Government databases. The people that brown-nosed their way into the positions where they can dictate the policy and direction of the organization have absolutely no idea of what they placed in charge of, and what would be the most common-sense way of approaching the issue. But it is partly because of these security failures that I never mention which Department or Agency I work for. It could possibly open us up to a more concentrated attack, and I also do not want any of opinions to be considered as indicative of the official position or opinion of the group I work for (big legal headaches there).

bill Ferguson

On Thu, Mar 28, 2019 at 5:48 PM DRCDBA (Gmail) <drcdba@xxxxxxxxx <mailto:drcdba@xxxxxxxxx>> wrote:

    Personally I don't keep any database - internal or external facing
    - on port 1521.  Just don't like default settings I guess!

    On Mar 28, 2019, at 5:12 PM, Mark W. Farnham <mwf@xxxxxxxx
    <mailto:mwf@xxxxxxxx>> wrote:

    I’m just curious.

    Doesn’t everyone with a public network wan change the 1521 port
    and put a honey pot on 1521 to absorb attack vectors?

    Do folks actually leave it as 1521 for systems that allow
    off-closed-campus access?


    [mailto:oracle-l-bounce@xxxxxxxxxxxxx] *On Behalf Of *Rakesh Ra
    *Sent:* Wednesday, March 27, 2019 9:18 AM
    *To:* Shane Borden
    *Cc:* Oracle-L Freelists
    *Subject:* Re: Question regarding Oracle listener port change

    Hi All,

    Just to keep you all updated, the reason for port 1521 working
    was , we had teleran software installed which was internally
    swapping the port from 1521 to 1621. Below is the snippet from
    teleran logs.

    managettds.log:03/23/2019 20:05:19:589 TT03235 <INFO> (genericdb)
    Connecting to Knowledge Base:

    managettds.log:03/23/2019 20:05:29:312 TT00712 <INFO> (ttsystem)
    Swapping Oracle port from 1521 to 1621


    Rakesh RA

    On Tue, Mar 26, 2019 at 5:32 PM Shane Borden <sborden76@xxxxxxxxx
    <mailto:sborden76@xxxxxxxxx>> wrote:

        Did you change the ports on both the scan and the local
        listener?  Update the database parameters and re-register?

        Shane Borden
        sborden76@xxxxxxxxx <mailto:sborden76@xxxxxxxxx>
        Sent from my iPhone

        > On Mar 26, 2019, at 7:50 AM, Rakesh Ra
        < <>> wrote:
        > Hi All,
        > We have full rack exadata server X5 version with
        version DB running on it.. We changed the port number of scan
        and local listener from 1521 to 1621.
        > I tried connecting to the database remotely using scan and
        default service with port 1521 , connection is going through.
        I also tried connecting to the database using scan and
        default service using 1621 port as well. With that also I am
        able to connect. Should I ideally get my connection request
        with port 1521 rejected with some TNS errors?? Or is this is
        > Regards,
        > Rakesh RA

-- Bill Ferguson

Mladen Gogala
Database Consultant
Tel: (347) 321-1217

Other related posts: