RE: Oracle rootkit

Thanks I've never tried to start a listener remotely, and was wondering why the start was not password protected. On our oracle 10 databases, Oracle every once in a while decides to startup a second listener on the same port. This happens sporadically but we get this on at least one daytabase very three or four months. It may have something to do with OEM. Anyway, having two listeners on the same port results in a denial of service.

Ian

-----Original Message-----

From: Jared Still [mailto:jkstill_at_gmail.com] Sent: Thursday, January 26, 2006 9:12 AM To: MacGregor, Ian A.
Cc: oracledba.williams_at_gmail.com; oracle-l Subject: Re: Oracle rootkit

On 1/25/06, MacGregor, Ian A. <ian_at_slac.stanford.edu> wrote:

        On a related topic, Oracle sometimes decides to startua second listener on the same port; there by causing denial of service.

If you mean the server does this automatically, can you explain? I'm not familiar with that.

        Under Oracle 9i and before the password only provided protection against shutting down the listener, not starting it up.         

IIRC you can shut down the listener remotely, but need to be on the server to start it. This applies to unix and linux.

On windows, anyone with admin access can remotely stop/start the listener through the Services applet.

--

Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist

--

http://www.freelists.org/webpage/oracle-l Received on Thu Jan 26 2006 - 13:06:42 CST