Re: NERP DoS attack possible in Oracle
- To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
- Subject: Re: NERP DoS attack possible in Oracle
- From: "Reed, Dennis" <DJR3@PGE.COM>
- Date: Fri, 28 Aug 1998 08:08:57 -0700
- Reply-To: "Reed, Dennis" <DJR3@PGE.COM>
- Sender: Windows NT BugTraq Mailing List <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>

NOTE! The following is based on my personal experience and recollection and is not to be construed as official advice from PG&E or Oracle Corp. Use at your own risk. Better yet, if you have an Oracle installation (which you must have if there's an \oracle or \orawin subdir), contact your DBA and get your Oracle CSI (customer support info) number from them, then call Oracle at 800-223-1711 for official help!

--------------------------------------------------------------------------------

TNSLSNR is the Oracle executable loaded on server machines hosting Oracle databases which allows clients to connect to the database using Oracle's proprietary SQL*Net protocol. The Listener (like IIS) sits there on the port waiting for connect requests from client machines. Ports commonly used on my servers/clients range from 1521 (the default) to 1528 (on a server with multiple databases/listeners).

There should be a file called LISTENER.ORA in the Oracle subdirectory tree (usually under network\admin or something similar) which contains settings related to how the Listener functions. One of the settings in this file can be used to shut down the connection if invalid (non-database) connections are made. CONNECT_TIMEOUT_listenername sets the # of seconds listener will listen for a valid database query after session is started. Default=10 seconds, 0=forever.

There should also be a file called SQLNET.ORA which contains a setting called SQLNET.EXPIRE_TIME. This setting (in minutes) determines how often the Listener sends a probe to determine if the connection to the client is still alive. I believe that it will only return a "connection still alive" result if connected to a SQL*Net client (not, for instance, a Telnet session). Default=0 (no probe), recommended value=10 (minutes). If no live session is found, the connection will be broken and the Listener returned to its normal "listening" state. At that point, CPU usage should go back down well below 100%.

Dennis Reed
DBA, Maintenance Department
Pacific Gas & Electric Co.
Standard Disclaimers Apply.
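
An added example, not part of the original message and not Oracle tooling: a small Python check that reads LISTENER.ORA and SQLNET.ORA text and flags the two settings described above, using the defaults and meanings as the message states them. The sample file contents and the listener names LISTENER and LISTENER_HR are constructed, and the parser assumes simple `NAME = number` lines.

```python
import re

# Semantics as stated in the message: CONNECT_TIMEOUT_<listener> is in seconds
# (default 10, 0 = forever); SQLNET.EXPIRE_TIME is in minutes (default 0 = no probe).
PARAM = re.compile(r"^\s*([A-Za-z_.][\w.]*)\s*=\s*(\d+)\s*$")
LISTENER_DEF = re.compile(r"^([A-Za-z]\w*)\s*=\s*\(")


def parse_numeric_params(text):
    """Return {UPPERCASE_NAME: int} for NAME = number lines, ignoring # comments."""
    params = {}
    for line in text.splitlines():
        m = PARAM.match(line.split("#", 1)[0])
        if m:
            params[m.group(1).upper()] = int(m.group(2))
    return params


def listener_names(text):
    """Names defined as NAME = ( ... ) at column 0, excluding SID_LIST_* entries."""
    hits = (LISTENER_DEF.match(line) for line in text.splitlines())
    return [m.group(1).upper() for m in hits
            if m and not m.group(1).upper().startswith("SID_LIST_")]


def audit(listener_ora, sqlnet_ora):
    findings = []
    lparams = parse_numeric_params(listener_ora)
    for name in listener_names(listener_ora):
        timeout = lparams.get("CONNECT_TIMEOUT_" + name, 10)  # unset -> default 10
        if timeout == 0:
            findings.append(f"{name}: CONNECT_TIMEOUT is 0 (waits forever for a valid request)")
    expire = parse_numeric_params(sqlnet_ora).get("SQLNET.EXPIRE_TIME", 0)  # unset -> 0
    if expire == 0:
        findings.append("SQLNET.EXPIRE_TIME is 0 (no probe of dead connections)")
    return findings


# Constructed sample files, not taken from a real installation.
SAMPLE_LISTENER_ORA = """\
LISTENER = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost)(PORT = 1521)))
LISTENER_HR = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost)(PORT = 1522)))
CONNECT_TIMEOUT_LISTENER = 0
CONNECT_TIMEOUT_LISTENER_HR = 10
"""
SAMPLE_SQLNET_ORA = "# SQLNET.EXPIRE_TIME = 10\n"

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_LISTENER_ORA, SAMPLE_SQLNET_ORA)))
```

On the constructed input it reports the listener whose timeout is 0 and the commented-out SQLNET.EXPIRE_TIME, which falls back to the no-probe default.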