Cyber Security Awareness Month - Day 16 - Port 1521

Cyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener
By default when you install Oracle the TNS Listener is on tcp port 1521. It handles network requests to be passed to a database instance. If it not appropriately secured commands can be sent to the listener, the listener can be shut down, or the databases can be queried. There have been a number of vulnerabilities over the years that have been actively exploited specific to the TNS Listener. If you check the Dshield database for the last while port 1521 has appeared in the 'top 10' a number of times. It would appear as though if you install Oracle it is highly recommended not to expose it to the Internet (or any untrusted network). Obviously a number of people are actively looking for Oracle instances. http://www.dshield.org/port.html?port=1521 Some best practices for the TNS listener: Restrict access to this port Assign a password to the listener Install patches Some examples of CVE entries that involve the TNS Listener: CVE-2008-2625, CVE-2007-5507, CVE-2007-2120, CVE-2006-0265, CVE-2005-3206, CVE-2005-3207, CVE-2004-1369, CVE-2003-1116, CVE-2002-1118, CVE-2002-0965, CVE-2002-0509, CVE-2002-0567, CVE-2001-0498, CVE-2001-0499, CVE-1999-0784, CVE-2000-0986 Some recommended reading: the Oracle Database Listener Security Guide http://www.scribd.com/doc/22455/Oracle-Database-Listener-Security-Guide Please contact us if you have any comments or would like to add to this diary entry. Cheers, Adrien de Beaupré Intru-shun.ca Inc. I will be teaching next: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques - SANS Prague March 2021	Adrien de Beaupre 353 Posts ISC Handler Jan 25th 2011
Thread locked Subscribe	Jan 25th 2011 1 decade ago