02-04-2019
If I remember correctly, 1521 is one of the standard ports for the Oracle listener, so I suppose you have an Oracle database running there. That the listener listens is quite as it should be, no?
What makes you think the server "was hacked"?
I mean, iptables is just a packet filter and as such it cannot discern between legitimate content and an illegitimate one. It filters packets based on IP address (layer 3) and port (layer 4), nothing more, nothing less. Obviously you need to allow traffic to the configured port of the listener otherwise the database would not be usable. So either you allow this port or you disable it (eventually restricting to a certain range of IP addresses), but what content goes over this port (i.e. legitimate database queries vs. malicious content) the packet filter is the wrong tool to assess. For that you will need a "stateful inspection" type of firewall which iptables is not.
Also be aware that the concept of "host based firewalls" is a flawed one per design. A host's role is either providing a service (that is: some application) OR providing firewall services, but not both! The reason is you don't want the host you want to protect to run the firewall itself, because in this scenario the malicious packages already have reached the interface they are trying to attack. You want the firewall in front of (and separated from) the host you try to protect so that the malicious content doesn't even reach the interface you want to protect.
I hope this helps.
bakunin
Last edited by bakunin; 02-04-2019 at 05:08 PM..
Reason: confused "stateful inspection" with "deep state inspection" - oh, the paranoia
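The post above describes allowing the listener port while restricting it to a range of source addresses. As an added example (not part of the original post), this script reads `iptables-save` text and reports which source networks the rules naming TCP port 1521 accept. Both rulesets and their addresses are constructed samples, and rules that do not name the port, negated matches and the chain policy are not evaluated.

```python
import ipaddress
import shlex

# Constructed `iptables-save` excerpts (not from the thread): the listener
# port open to every source, and the same port limited to one subnet.
OPEN_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1521 -j ACCEPT
COMMIT
"""
RESTRICTED_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.20.30.0/24 -p tcp -m tcp --dport 1521 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1521 -j DROP
-A INPUT -s 10.20.30.7/32 -p tcp -m tcp --dport 1521 -j ACCEPT
COMMIT
"""

def opt(words, flag, default=None):
    """Value following `flag` in a tokenised rule, or `default`."""
    return words[words.index(flag) + 1] if flag in words else default

def port_matches(spec, port):
    """--dport takes a single port or a first:last range."""
    first, _, last = spec.partition(":")
    return int(first) <= port <= int(last or first)

def accepted_sources(ruleset, port, chain="INPUT"):
    """Source networks that rules naming TCP `port` accept, first match wins."""
    allowed, decided = [], []
    for line in ruleset.splitlines():
        words = shlex.split(line)
        if words[:2] != ["-A", chain] or opt(words, "-p") != "tcp":
            continue
        if "--dport" not in words or not port_matches(opt(words, "--dport"), port):
            continue
        target = opt(words, "-j")
        source = ipaddress.ip_network(opt(words, "-s", "0.0.0.0/0"), strict=False)
        if target not in ("ACCEPT", "DROP", "REJECT"):
            continue  # LOG and user-defined chains do not end evaluation here
        if any(source.subnet_of(d) for d in decided):
            continue  # an earlier rule already decided these addresses
        decided.append(source)
        if target == "ACCEPT":
            allowed.append(source)
    return allowed

if __name__ == "__main__":
    for name, rules in (("open", OPEN_RULES), ("restricted", RESTRICTED_RULES)):
        print(name, [str(n) for n in accepted_sources(rules, 1521)])
```

An accepted network of `0.0.0.0/0` means the packet filter lets any address reach the listener; the last rule in the restricted sample is never reached because the DROP before it already matches.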
KA-FORWARDER(8) AFS Command Reference KA-FORWARDER(8)
NAME
ka-forwarder - Forward AFS Authentication Server requests to another server
SYNOPSIS
ka-forwarder [-p <port>] <server>[/<port>] [...]
DESCRIPTION
ka-forwarder listens for requests for an AFS Authentication Server and forwards them to a remote fakeka server. fakeka is a server that
answers AFS Authentication Server protocol requests using a regular Kerberos KDC and is provided with some Kerberos 5 implementations.
fakeka has to run on the same host as the Kerberos KDC, however, and AFS clients send all native AFS authentication requests to the AFS
database servers. If you don't want to run your Kerberos KDCs and your AFS database servers on the same host, run ka-forwarder on the AFS
database servers and point it to fakeka running on the Kerberos KDCs.
ka-forwarder takes one or more servers to which to forward the requests. The default port on the remote server to which to forward the
command is 7004, but a different port can be specified by following the server name with a slash ("/") and the port number. If multiple
servers are given, ka-forwarder will send queries to each server in turn in a round-robin fashion.
CAUTIONS
Due to the way that ka-forwarder distinguishes between client requests and server responses, any messages from one of the servers to which
ka-forwarder is forwarding will be considered a reply rather than a command and will not be forwarded. This means that the servers running
fakeka will not be able to use native AFS authentication requests and rely on ka-forwarder to send the requests to the right server.
ka-forwarder does not background itself. It should either be run in the background via the shell, or run via the Basic OverSeer Server
(see bosserver(8)).
OPTIONS
-p <port>
By default, ka-forwarder listens to the standard AFS Authentication Server port (7004). To listen to a different port, specify it with
the -p option.
EXAMPLES
Forward AFS Authentication Server requests to the fakeka servers on kdc1.example.com and kdc2.example.com:
% ka-forwarder kdc1.example.com kdc2.example.com &
Note the "&" to tell the shell to run this command in the background.
PRIVILEGE REQUIRED
ka-forwarder only has to listen to port 7004 and therefore does not require any special privileges unless a privileged port is specified
with the -p option.
SEE ALSO
bosserver(8), fakeka(8), kaserver(8)
COPYRIGHT
Copyright 2006 Russ Allbery <rra@stanford.edu>
This documentation is covered by the IBM Public License Version 1.0. This man page was written by Russ Allbery for OpenAFS.
OpenAFS 2012-03-26 KA-FORWARDER(8)