Oracle DBA's are very well
respected within the IT industry. The normal IT practitioner does not have
a very keen understanding of the underlying database and applications that make
up Oracle. In saying this some DBA's can sometimes miss out basic security
principles to tie down their application. One of the most basic areas of
this is the TNS Listener. The TNS Listener accepts a client request and
establishes a TNS (Transparent Network Substrate) connection to the backend
database. This connection is not protocol dependant so can function
over TCP/IP, IPX/SPX etc. The listener is important in that if it is not
running iterative enquiries from a client cannot be fulfilled, so essentially
you kill the listener you kill the database. The TNS listener usually can
be found on Port 1521, but don't be surprised if the DBA has moved it to
obfuscate it from a normal portscan. (NMAP version scan will find it
though every time :-)) There is a Windows GUI tool called WinSID that carries
out the same function as the linux command line tool tnscmd.pl (and displays it
a little better).
It was available from: www.syntheticbytes.com but this site
has since removed most of its content!! I did manage to get a copy of it
before it was removed and it is available here.
Note:- Due to extra security features within Oracle 10g Release 2, the use of
this program will provide limited results. You will only be able to
enumerate the version of the database and the underlying OS only.
As with most
Windows tools its double click and the usually install directory of C:/Program
Files/Winsid is where the system will put it. There are no other
dependencies and problems whatsoever.
Open up WinSID
from the desktop icon
address for the Oracle database that you are checking
services and record any pertinent information
status and record any pertinent information
version and record any pertinent information
buttons will display numerous amount of information about the Oracle database
including version, hostname, Operating system type and most importantly the SERVICE_NAME that is required to setup the Oracle Client listener.