Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Server hacked on known port
Special Forums Cybersecurity Server hacked on known port Post 303029984 by bakunin on Monday 4th of February 2019 06:37:06 AM
Old 02-04-2019
If i remember correctly 1521 is one of the standard ports for the Oracle listener, so i suppose you have an Oracle database running there. That the listener listens is quite as it should be, no?

What makes you think the server "was hacked"?

I mean, iptables is just a packet filter and as such it cannot discern between legitimate content and an illegitimate one. It filters packets based on IP address (layer 3) and port (layer 4), nothing more, nothing less. Obviously you need to allow traffic to the configured port of the listener otherwise the database would not be usable. So either you allow this port or you disable it (eventually restricting to a certain range of IP addresses), but what content goes over this port (i.e. legitimate database queries vs. malicious content) the packet filter is the wrong tool to assess. For that you will need a "stateful inspection" type of firewall which iptables is not.

Also be aware that the concept of "host based firewalls" is a flawed one per design. A hosts role is either providing a service (that is: some application) OR providing firewall services, but not both! The reason is you don't want the host you want to protect run the firewall itself, beause in this scenario the malicious packages already have reached the interface they are trying to attack. You want the firewall in front of (and separated from) the host you try to protect so that the malicious content doesn't even reach the interface you want to protect.

I hope this helps.

bakunin
Last edited by bakunin; 02-04-2019 at 05:08 PM.. Reason: confused "stateful inspection" with "deep state inspection" - oh, the paranoia
 

8 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

which port to write my server application?

I want to write a server application that would accept HTTP requests from client. The server would be on a machine that has no connection to the INTERNET. The clients that would be posting their HTTP requests would be doing so through webbrowser .Thus it would be sort of intranet application.... (0 Replies)
Discussion started by: rraajjiibb
0 Replies

2. Linux

pc hacked

Hi, i think someone has hacked my server, the following rules used to come which i haven't put. Please help me i couldnt find out how this rules are apply, i think someone has put an script which generates enables the rules. But after restarting the iptables everything seems to be working... (0 Replies)
Discussion started by: naik_mit
0 Replies

3. UNIX for Dummies Questions & Answers

Old ATT Server Port Question

Just got old ATT server (10 base T)shipped and want to connect to Windows using com port. Got hardware to connect RJ45 from windows box & serial on ATT. I added XP static ip to host file but get no ping return. Do I have to open unix com port? How? (2 Replies)
Discussion started by: kctech
2 Replies

4. UNIX for Advanced & Expert Users

ssh port forward over three server

Hello there, I have a big problem, and I hope somebody can help me. I try to realize a port forward over three server. Here is a picture... Client Server1 | Server2 ------- ------- | ------- |...... | |...... | | |...... ... (2 Replies)
Discussion started by: Art007
2 Replies

5. Cybersecurity

How to know when you've been hacked

One of the most important ways to keep tou machine secure is to know when it has been broken into. The less time hackers have on your system, the less they can do to it, and the greater you chancens of kicking them off and repairing the damage. The more sophisticated the hacker, the less likely... (8 Replies)
Discussion started by: binhnx2000
8 Replies

6. UNIX for Dummies Questions & Answers

Plesk Server Hacked - How to Backup

Hello! First of all: I am a newbie. :o :( I have a CentOS 64bit server with Plesk Panel 8.6. And have been hacked. :mad: After many tries and support tickets, I am configuring a new server, with Suse 11 and Plesk 9.2. I know that Plesk 8.6 have a backup utility (Parallels Plesk Control... (3 Replies)
Discussion started by: miguelvidal
3 Replies

7. Cybersecurity

Different ssh fingerprints on server vs the one on port 22

Hi Guys, My certificate in /etc/ssh is different to what is on port 22. username@server:~$ ssh-keyscan -p 22 127.0.0.1 > /tmp/rsa.tmp # 127.0.0.1 SSH-1.99-OpenSSH_33.33 username@server:~$ ssh-keygen -lf /tmp/rsa.tmp 1024 46:something..................... 127.0.0.1... (0 Replies)
Discussion started by: mu100
0 Replies

8. Solaris

How to find port number wwn of particular port on dual port HBA,?

please find the below o/p for your reference bash-3.00# fcinfo hba-port HBA Port WWN: 21000024ff295a34 OS Device Name: /dev/cfg/c2 Manufacturer: QLogic Corp. Model: 375-3356-02 Firmware Version: 05.03.02 FCode/BIOS Version: BIOS: 2.02; fcode: 2.01;... (3 Replies)
Discussion started by: sb200
3 Replies

LEARN ABOUT DEBIAN

pyroman

PYROMAN(8)						      System Manager's Manual							PYROMAN(8)

NAME

       pyroman - a firewall configuration utility

SYNOPSIS

       pyroman
	      [ -hvnspP ] [ -r RULESDIR ] [ -t SECONDS ]
	      [ --help ] [ --version ] [ --safe ] [ --no-act ]
	      [ --print ] [ --print-verbose ] [ --rules=RULESDIR ]
	      [ --timeout=SECONDS ] [ safe ]

DESCRIPTION

       pyroman is a firewall configuration utility.

       It will compile a set of configuration files to iptables statements to setup IP packet filtering for you.

       While it is not necessary for operating and using Pyroman, you should have understood how IP, TCP, UDP, ICMP and the other commonly used
       Internet protocols work and interact. You should also have understood the basics of iptables in order to make use of the full
       functionality.

       pyroman does not try to hide all the iptables complexity from you, but tries to provide you with a convenient way of managing a complex
       networks firewall.  For this it offers a compact syntax to add new firewall rules, while still exposing access to add arbitrary iptables
       rules.

OPTIONS

       -r RULESDIR,--rules=RULES
	      Load the rules from directory RULESDIR instead of the default directory (usually /etc/pyroman )
       -t SECONDS,--timeout=SECONDS
	      Wait SECONDS seconds after applying the changes for the user to type OK to confirm he can still access the firewall. This implies
	      --safe but allows you to use a different timeout.
       -h, --help
	      Print a summary of the command line options and exit.
       -V, --version
	      Print the version number of pyroman and exit.
       -s, --safe, safe
	      When the firewall was committed, wait 30 seconds for the user to type OK to confirm, that he can still access the firewall (i.e. the
	      network connection wasn't blocked by the firewall).  Otherwise, the firewall changes will be undone, and the firewall will be
	      restored to the previous state.  Use the --timeout=SECONDS option to change the timeout.
       -n, --no-act
	      Don't actually run iptables. This can be used to check if pyroman accepts the configuration files.
       -p, --print
	      Instead of running iptables, output the generated rules.
       -P, --print-verbose
	      Instead of running iptables, output the generated rules. Each statement will have one comment line explaining how this rules was
	      generated. This will usually include the filename and line number, and is useful for debugging.
CONFIGURATION

       Configuration of pyroman consists of a number of files in the directory /etc/pyroman.  These files are in python syntax, although you do
       not need to be a python programmer to use these rules. There is only a small number of statements you need to know:
       add_host
	      Define a new host or network
       add_interface
	      Define a new interface (group)
       add_service
	      Add a new service alias (note that you can always use e.g. www/tcp to reference the www tcp service as defined in /etc/services)
       add_nat
	      Define a new NAT (Network Address Translation) rule
       allow  Allow a service, client, server combination
       reject Reject access for this service, client, server combination
       drop   Drop packets for this service, client, server combination
       add_rule
	      Add a rule for this service, client, server and target combination
       iptables
	      Add an arbitrary iptables statement to be executed at beginning
       iptables_end
	      Add an arbitrary iptables statement to be executed at the end
       Detailed parameters for these functions can be looked up by caling
	      cd /usr/share/pyroman
	      pydoc ./commands.py

BUGS

       None known as of pyroman-0.4 release

AUTHOR

       pyroman was written by Erich Schubert <erich@debian.org>

SEE ALSO

       iptables(8), iptables-restore(8) iptables-load(8)

																	PYROMAN(8)
All times are GMT -4. The time now is 05:50 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy