Forum OpenACS Q&A: Response to Bugtraq: Remote Compromise in Oracle 9i Database Server (and Oracle 8)

Just remove the line


from listener.ora, lsnrtcl stop, lsnrtcl start.

We've done that on most of our Oracle boxes now. The ones where we really need extproc,

/sbin/ipchains -A input 1 -s -j ACCEPT
/sbin/ipchains -A input 1 -s $LOCAL_IP_ADDRESS -j ACCEPT
/sbin/ipchains -A input 1 -d any/0 1521 -p tcp -j DENY
or equivalent in Solaris or router access lists.

Even on NT4 there is a primitive "port security" feature that can block 1521.