Nessus scan of Oracle listener

I thought this was interesting. I found the following in our listener.log file after our security team ran a Nessus scan…

listener.log:TNS-12502: TNS:listener received no CONNECT_DATA from client
listener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(COMMAND=VERSION)) * version * 1189
listener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=nessus)(HOST=172.26.253.75)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=172.26.253.75)(PORT=49760)) * establish * orcl * 12505
listener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(COMMAND=VERSION)) * version * 1189
listener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(SID=oracle)(CID=(PROGRAM=nessus)(HOST=172.26.253.75)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=172.26.253.75)(PORT=49764)) * establish * oracle * 12505
listener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(SID=oracl)(CID=(PROGRAM=nessus)(HOST=172.26.253.75)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=172.26.253.75)(PORT=49766)) * establish * oracl * 12505
listener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(SID=oradb)(CID=(PROGRAM=nessus)(HOST=172.26.253.75)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=172.26.253.75)(PORT=49768)) * establish * oradb * 12505
listener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(SID=test)(CID=(PROGRAM=nessus)(HOST=172.26.253.75)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=172.26.253.75)(PORT=49769)) * establish * test * 12505
listener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(SID=iasdb)(CID=(PROGRAM=nessus)(HOST=172.26.253.75)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=172.26.253.75)(PORT=49770)) * establish * iasdb * 12505
listener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(SID=oemrep)(CID=(PROGRAM=nessus)(HOST=172.26.253.75)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=172.26.253.75)(PORT=49771)) * establish * oemrep * 12505
listener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(SID=PLSExtProc)(CID=(PROGRAM=nessus)(HOST=172.26.253.75)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=172.26.253.75)(PORT=49772)) * establish * PLSExtProc * 12505
listener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(SID=XE)(CID=(PROGRAM=nessus)(HOST=172.26.253.75)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=172.26.253.75)(PORT=49773)) * establish * XE * 12505
listener.log:TNS-12502: TNS:listener received no CONNECT_DATA from client
cmhlqecomodb01:oracle:cmhecomq1:/u01/app/oracle/diag/tnslsnr/cmhlqecomodb01/listener/trace>

It is interesting that it looks for services with the following names…

orcl
oracle
oracl
oradb
test
iasdb
oemrep
PLSExtProc
XE

…and also tries to check the version…

listener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(COMMAND=VERSION)) * version * 1189
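
To spot this pattern without reading the log by eye, here is an added example (not part of the original post) that flags any source host requesting several unknown SIDs in a short window. The function names, thresholds and sample lines are assumptions made for illustration; the sample uses constructed entries in the format shown above.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

TS = re.compile(r"\d{2}-[A-Z]{3}-\d{4} \d{2}:\d{2}:\d{2}")
HOST = re.compile(r"\(HOST=([^)]*)\)")

def fields(line):
    """Split one entry on ' * ', tolerating a grep 'listener.log:' prefix."""
    m = TS.search(line)
    return [f.strip() for f in line[m.start():].split(" * ")] if m else None

def find_sid_guessing(lines, min_sids=5, window=timedelta(seconds=60)):
    """Return {host: SIDs} for hosts that asked for >= min_sids unknown SIDs within window."""
    attempts = defaultdict(list)
    for f in filter(None, map(fields, lines)):
        # establish entry: time, CONNECT_DATA, ADDRESS, "establish", SID, return code
        if len(f) == 6 and f[3] == "establish" and f[5] == "12505":  # TNS-12505: unknown SID
            when = datetime.strptime(f[0], "%d-%b-%Y %H:%M:%S")
            src = HOST.search(f[2])  # ADDRESS is what the listener saw; CID is client-supplied
            attempts[src.group(1) if src else "?"].append((when, f[4]))
    flagged = {}
    for host, seen in attempts.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            sids = {sid for when, sid in seen[i:] if when - start <= window}
            if len(sids) >= min_sids:
                flagged[host] = sorted(sids)
                break
    return flagged

def count_version_probes(lines):
    """COMMAND=VERSION entries carry no ADDRESS field, so they can only be counted."""
    return sum(1 for f in filter(None, map(fields, lines)) if len(f) == 4 and f[2] == "version")

def _entry(sid, host, port):  # constructed sample entry, not taken from a real log
    return (f"listener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(SID={sid})(CID=(PROGRAM=nessus)"
            f"(HOST={host})(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST={host})(PORT={port})) "
            f"* establish * {sid} * 12505")

SAMPLE = (["listener.log:TNS-12502: TNS:listener received no CONNECT_DATA from client",
           "listener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(COMMAND=VERSION)) * version * 1189"]
          + [_entry(s, "192.0.2.10", 49760 + i)
             for i, s in enumerate(["orcl", "oracle", "oracl", "oradb", "test", "XE"])]
          + [_entry("prodb", "192.0.2.20", 50112)])  # single typo from another host: not flagged

if __name__ == "__main__":
    print(find_sid_guessing(SAMPLE), count_version_probes(SAMPLE))
```

Keying on the ADDRESS field rather than PROGRAM=nessus matters because the CID values are whatever the client chooses to send.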
