{"id":2331,"date":"2012-07-10T09:58:54","date_gmt":"2012-07-10T14:58:54","guid":{"rendered":"http:\/\/appcrawler.com\/wordpress\/?p=2331"},"modified":"2012-07-10T09:58:54","modified_gmt":"2012-07-10T14:58:54","slug":"nessus-scan-of-oracle-listener","status":"publish","type":"post","link":"http:\/\/appcrawler.com\/wordpress\/2012\/07\/10\/nessus-scan-of-oracle-listener\/","title":{"rendered":"Nessus scan of Oracle listener"},"content":{"rendered":"<p>I thought this was interesting.  I found the following in our listener.log file after our security team ran a Nessus scan&#8230;<\/p>\n<pre lang=\"text\">\r\nlistener.log:TNS-12502: TNS:listener received no CONNECT_DATA from client\r\nlistener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(COMMAND=VERSION)) * version * 1189\r\nlistener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=nessus)(HOST=172.26.253.75)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=172.26.253.75)(PORT=49760)) * establish * orcl * 12505\r\nlistener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(COMMAND=VERSION)) * version * 1189\r\nlistener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(SID=oracle)(CID=(PROGRAM=nessus)(HOST=172.26.253.75)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=172.26.253.75)(PORT=49764)) * establish * oracle * 12505\r\nlistener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(SID=oracl)(CID=(PROGRAM=nessus)(HOST=172.26.253.75)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=172.26.253.75)(PORT=49766)) * establish * oracl * 12505\r\nlistener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(SID=oradb)(CID=(PROGRAM=nessus)(HOST=172.26.253.75)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=172.26.253.75)(PORT=49768)) * establish * oradb * 12505\r\nlistener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(SID=test)(CID=(PROGRAM=nessus)(HOST=172.26.253.75)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=172.26.253.75)(PORT=49769)) * establish * test * 12505\r\nlistener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(SID=iasdb)(CID=(PROGRAM=nessus)(HOST=172.26.253.75)(USER=))) * 
(ADDRESS=(PROTOCOL=tcp)(HOST=172.26.253.75)(PORT=49770)) * establish * iasdb * 12505\r\nlistener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(SID=oemrep)(CID=(PROGRAM=nessus)(HOST=172.26.253.75)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=172.26.253.75)(PORT=49771)) * establish * oemrep * 12505\r\nlistener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(SID=PLSExtProc)(CID=(PROGRAM=nessus)(HOST=172.26.253.75)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=172.26.253.75)(PORT=49772)) * establish * PLSExtProc * 12505\r\nlistener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(SID=XE)(CID=(PROGRAM=nessus)(HOST=172.26.253.75)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=172.26.253.75)(PORT=49773)) * establish * XE * 12505\r\nlistener.log:TNS-12502: TNS:listener received no CONNECT_DATA from client\r\ncmhlqecomodb01:oracle:cmhecomq1:\/u01\/app\/oracle\/diag\/tnslsnr\/cmhlqecomodb01\/listener\/trace>\r\n<\/pre>\n<p>It is interesting that it looks for services with the following names&#8230;<\/p>\n<p>orcl<br \/>\noracle<br \/>\noracl<br \/>\noradb<br \/>\ntest<br \/>\niasdb<br \/>\noemrep<br \/>\nPLSExtProc<br \/>\nXE <\/p>\n<p>&#8230;and also tries to check the version&#8230;<\/p>\n<pre lang=\"text\">\r\nlistener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(COMMAND=VERSION)) * version * 1189\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>I thought this was interesting. 
I found the following in our listener.log file after our security team ran a Nessus scan&#8230; listener.log:TNS-12502: TNS:listener received no CONNECT_DATA from client listener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(COMMAND=VERSION)) * version * 1189 listener.log:27-JUN-2012 09:30:52 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=nessus)(HOST=172.26.253.75)(USER=)))&hellip;<\/p>\n<p class=\"more-link-p\"><a class=\"more-link\" href=\"http:\/\/appcrawler.com\/wordpress\/2012\/07\/10\/nessus-scan-of-oracle-listener\/\">Read more &rarr;<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[19,22],"tags":[],"_links":{"self":[{"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/posts\/2331"}],"collection":[{"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/comments?post=2331"}],"version-history":[{"count":4,"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/posts\/2331\/revisions"}],"predecessor-version":[{"id":2352,"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/posts\/2331\/revisions\/2352"}],"wp:attachment":[{"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/media?parent=2331"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/categories?post=2331"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/tags?post=2331"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}