There is a recent case whereby it was reported that one of the production servers was hacked on port 1521. However, I am not sure how this was possible, as I checked that the OS firewall (iptables) is on :
Code:
[root@fmsproddb satellite]# /etc/init.d/iptables status
Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Port 1521 not open :
Code:
[root@fmsproddb satellite]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 23 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
[root@fmsproddb satellite]#
I assume it is listening because the application is turned on, and thus the service related to port 1521 turned on and that is why it is listening on this port?
Even if the network firewall (physical) is open, if the iptables is running in the server, it should not allow port 1521 to be open/listening?
I can't think of any other way how people can hack the server on port 1521. Please help clear my doubt.
I want to write a server application that would accept HTTP requests from client.
The server would be on a machine that has no connection to the INTERNET.
The clients that would be posting their HTTP requests would be doing so through webbrowser .Thus it would be sort of intranet application.... (0 Replies)
Hi,
i think someone has hacked my server, the following rules used to come which i haven't put. Please help me i couldnt find out how this rules are apply,
i think someone has put an script which generates enables the rules.
But after restarting the iptables everything seems to be working... (0 Replies)
Just got old ATT server (10 base T)shipped and want to connect to Windows using com port. Got hardware to connect RJ45 from windows box & serial on ATT. I added XP static ip to host file but get no ping return. Do I have to open unix com port? How? (2 Replies)
Hello there,
I have a big problem, and I hope somebody can help me. I try to realize a port forward over three server. Here is a picture...
Client Server1 | Server2
------- ------- | -------
|...... | |...... | | |...... ... (2 Replies)
One of the most important ways to keep tou machine secure is to know when it has been broken into. The less time hackers have on your system, the less they can do to it, and the greater you chancens of kicking them off and repairing the damage.
The more sophisticated the hacker, the less likely... (8 Replies)
Hello!
First of all: I am a newbie. :o :(
I have a CentOS 64bit server with Plesk Panel 8.6.
And have been hacked. :mad:
After many tries and support tickets, I am configuring a new server, with Suse 11 and Plesk 9.2.
I know that Plesk 8.6 have a backup utility (Parallels Plesk Control... (3 Replies)
Hi Guys,
My certificate in /etc/ssh is different to what is on port 22.
username@server:~$ ssh-keyscan -p 22 127.0.0.1 > /tmp/rsa.tmp
# 127.0.0.1 SSH-1.99-OpenSSH_33.33
username@server:~$ ssh-keygen -lf /tmp/rsa.tmp
1024 46:something..................... 127.0.0.1... (0 Replies)
please find the below o/p for your reference
bash-3.00# fcinfo hba-port
HBA Port WWN: 21000024ff295a34
OS Device Name: /dev/cfg/c2
Manufacturer: QLogic Corp.
Model: 375-3356-02
Firmware Version: 05.03.02
FCode/BIOS Version: BIOS: 2.02; fcode: 2.01;... (3 Replies)
Discussion started by: sb200
3 Replies
LEARN ABOUT DEBIAN
shorewall6-nesting
SHOREWALL6-NESTING(5) [FIXME: manual] SHOREWALL6-NESTING(5)NAME
nesting - shorewall6 Nested Zones
SYNOPSIS
child-zone[:parent-zone[,parent-zone]...]
DESCRIPTION
In shorewall6-zones[1](5), a zone may be declared to be a sub-zone of one or more other zones using the above syntax. The child-zone may be
neither the firewall zone nor a vserver zone. The firewall zone may not appear as a parent zone, although all vserver zones are handled as
sub-zones of the firewall zone.
Where zones are nested, the CONTINUE policy in shorewall6-policy[2](5) allows hosts that are within multiple zones to be managed under the
rules of all of these zones.
EXAMPLE
/etc/shorewall6/zones:
#ZONE TYPE OPTION
fw firewall
net ipv6
sam:net ipv6
loc ipv6
/etc/shorewall6/interfaces:
#ZONE INTERFACE BROADCAST OPTIONS
- eth0 detect blacklist
loc eth1 detect
/etc/shorewall6/hosts:
#ZONE HOST(S) OPTIONS
net eth0:[::]
sam eth0:[2001:19f0:feee::dead:beef:cafe]
/etc/shorewall6/policy:
#SOURCE DEST POLICY LOG LEVEL
loc net ACCEPT
sam all CONTINUE
net all DROP info
all all REJECT info
The second entry above says that when Sam is the client, connection requests should first be processed under rules where the source zone is
sam and if there is no match then the connection request should be treated under rules where the source zone is net. It is important that
this policy be listed BEFORE the next policy (net to all). You can have this policy generated for you automatically by using the
IMPLICIT_CONTINUE option in shorewall6.conf[3](5).
Partial /etc/shorewall6/rules:
#ACTION SOURCE DEST PROTO DEST PORT(S)
...
ACCEPT sam loc:2001:19f0:feee::3 tcp ssh
ACCEPT net loc:2001:19f0:feee::5 tcp www
...
Given these two rules, Sam can connect with ssh to 2001:19f0:feee::3. Like all hosts in the net zone, Sam can connect to TCP port 80 on
2001:19f0:feee::5. The order of the rules is not significant.
FILES
/etc/shorewall6/zones
/etc/shorewall6/interfaces
/etc/shorewall6/hosts
/etc/shorewall6/policy
/etc/shorewall6/rules
SEE ALSO shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5),
shorewall6-tcdevices(5), shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)NOTES
1. shorewall6-zones
http://www.shorewall.net/manpages6/shorewall-zones.html
2. shorewall6-policy
http://www.shorewall.net/manpages6/shorewall6-policy.html
3. shorewall6.conf
http://www.shorewall.net/manpages6/shorewall6.conf.html
[FIXME: source] 06/28/2012 SHOREWALL6-NESTING(5)