Linux nmap command will reveal exposed ports below 9999. It can go even
higher, but that needs to specified on the command line. Once the
hackers find the port 1521, they can try an assortment of bugs to
compromise the database. Oracle is regularly publishing them as CVE
patches. After having dealt with several federal customers, I noticed
that the databases are usually not patched in timely fashion. That means
that there quite a bugs that can be used to gain connection privilege
and maybe even escalate it to the DBA level. That is usually done by
guessing somebody's password. I am still seeing stickies with something
that is obviously a generated password. Other than that, social
engineering is still the best way to get into somebody's computer.
Computers have evolved rapidly in the last 70 years, but humans have not.
On 4/5/19 10:01 AM, Bill Ferguson wrote:
I tried using a different port roughly 10 years back, and the rest of my organization really got their feathers ruffled. and I finally had to switch it back to 1521. The overwhelming majority of "DBA's" within my Federal Government organization, don't know anything about Oracle, like most of their software, and install everything with the defaults. I've tried getting the higher level "management" to issue a few basic security mandates about changing the ports, not installing with (or at least de-activating) default settings, etc., and it just falls on deaf ears. When I try doing a mass email to alert the other Oracle "DBA's", I'd usually get an official slap on the wrist and told to quit rocking the boat.
Anyway, I think this is a huge part of the problem with security of Government databases. The people that brown-nosed their way into the positions where they can dictate the policy and direction of the organization have absolutely no idea of what they placed in charge of, and what would be the most common-sense way of approaching the issue. But it is partly because of these security failures that I never mention which Department or Agency I work for. It could possibly open us up to a more concentrated attack, and I also do not want any of opinions to be considered as indicative of the official position or opinion of the group I work for (big legal headaches there).
On Thu, Mar 28, 2019 at 5:48 PM DRCDBA (Gmail) <drcdba@xxxxxxxxx <mailto:drcdba@xxxxxxxxx>> wrote:
Personally I don't keep any database - internal or external facing
- on port 1521. Just don't like default settings I guess!
On Mar 28, 2019, at 5:12 PM, Mark W. Farnham <mwf@xxxxxxxx
I’m just curious.
Doesn’t everyone with a public network wan change the 1521 port
and put a honey pot on 1521 to absorb attack vectors?
Do folks actually leave it as 1521 for systems that allow
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] *On Behalf Of *Rakesh Ra
*Sent:* Wednesday, March 27, 2019 9:18 AM
*To:* Shane Borden
*Cc:* Oracle-L Freelists
*Subject:* Re: Question regarding Oracle listener port change
Just to keep you all updated, the reason for port 1521 working
was , we had teleran software installed which was internally
swapping the port from 1521 to 1621. Below is the snippet from
managettds.log:03/23/2019 20:05:19:589 TT03235 <INFO> (genericdb)
Connecting to Knowledge Base:
managettds.log:03/23/2019 20:05:29:312 TT00712 <INFO> (ttsystem)
Swapping Oracle port from 1521 to 1621
On Tue, Mar 26, 2019 at 5:32 PM Shane Borden <sborden76@xxxxxxxxx
Did you change the ports on both the scan and the local
listener? Update the database parameters and re-register?
Sent from my iPhone
> On Mar 26, 2019, at 7:50 AM, Rakesh Ra
<rakeshra.tr@xxxxxxxxx <mailto:rakeshra.tr@xxxxxxxxx>> wrote:
> Hi All,
> We have full rack exadata server X5 version with 18.104.22.168
version DB running on it.. We changed the port number of scan
and local listener from 1521 to 1621.
> I tried connecting to the database remotely using scan and
default service with port 1521 , connection is going through.
I also tried connecting to the database using scan and
default service using 1621 port as well. With that also I am
able to connect. Should I ideally get my connection request
with port 1521 rejected with some TNS errors?? Or is this is
> Rakesh RA
-- Bill Ferguson