RE: DoS attack from java connections - how to avoid

From: D'Hooge Freek <Freek.DHooge_at_uptime.be>
Date: Tue, 31 Aug 2010 17:58:41 +0200
Message-ID: <4814386347E41145AAE79139EAA39898102B3825B1_at_ws03-exch07.iconos.be>



John,

These "dead" processes, are they processes on the db server or on the application server? In neither case does it seem normal to me that a process keeps existing after a failed connection attempt, but if this is on the db server you can check whether enabling dead client detection (sqlnet.expire_time) would help in cleaning up those processes.

Regards,

Freek D'Hooge
Uptime
Oracle Database Administrator
email: freek.dhooge_at_uptime.be
tel +32(0)3 451 23 82
http://www.uptime.be
disclaimer: www.uptime.be/disclaimer
--

From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of John Hallas
Sent: Tuesday 31 August 2010 11:07
To: oracle_l
Subject: DoS attack from java connections - how to avoid

We had an application, which repeatedly connects to the database via a java connection pool, fail because the account had become locked. The application kept on trying, the database did not allow the connection and we ended up with thousands of 'dead' processes causing the unix server to hang as all memory was used up.

The obvious thing to fix in our case was some form of application logic to recognise that failed connections had been made and stop the repeated connection attempts.

However, this could also be used in a denial of service attack. What steps could we take to reduce that risk? The problem as I see it is that the database has reacted correctly and there is not much more we could do at the database level. However, I am always open to suggestions.

John

www.jhdba.wordpress.com






--

http://www.freelists.org/webpage/oracle-l Received on Tue Aug 31 2010 - 10:58:41 CDT
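
The application-side logic mentioned in the quoted message (recognise failed connections and stop retrying), sketched as an added example that is not code from this thread or from any poster. The names `GuardedConnector` and `Opener` are hypothetical, and the example assumes the Oracle JDBC driver reports the ORA- number through `SQLException.getErrorCode()`; the failing opener in `main` is constructed so the class runs without a database.

```java
import java.sql.Connection;
import java.sql.SQLException;
import java.util.Set;

public class GuardedConnector {
    /** Hypothetical hook: wrap DataSource.getConnection() or the pool's connection factory. */
    interface Opener { Connection open() throws SQLException; }

    // Logon errors that retrying cannot fix: ORA-28000 (account locked),
    // ORA-01017 (invalid username/password), ORA-28001 (password expired).
    private static final Set<Integer> FATAL = Set.of(28000, 1017, 28001);

    private final Opener opener;
    private final int maxAttempts;
    private final long baseDelayMs;
    private volatile SQLException tripped; // non-null once the connector has disabled itself

    GuardedConnector(Opener opener, int maxAttempts, long baseDelayMs) {
        this.opener = opener; this.maxAttempts = maxAttempts; this.baseDelayMs = baseDelayMs;
    }

    Connection connect() throws SQLException, InterruptedException {
        if (tripped != null) // fail fast locally, without touching the listener or the database
            throw new SQLException("connector disabled, operator action required", tripped);
        SQLException last = null;
        for (int attempt = 0; attempt < maxAttempts; attempt++) {
            try {
                return opener.open();
            } catch (SQLException e) {
                last = e;
                if (FATAL.contains(e.getErrorCode())) { tripped = e; break; }
                // transient failure: exponential backoff, capped at 60 s
                Thread.sleep(Math.min(baseDelayMs << attempt, 60_000L));
            }
        }
        throw new SQLException("giving up after failed connection attempts", last);
    }

    /** Called by an operator or health check once the account has been unlocked. */
    void reset() { tripped = null; }

    public static void main(String[] args) throws Exception {
        int[] attempts = {0};
        // Constructed failure: every logon is rejected with ORA-28000.
        GuardedConnector g = new GuardedConnector(() -> {
            attempts[0]++;
            throw new SQLException("ORA-28000: the account is locked", null, 28000);
        }, 5, 100);
        for (int i = 0; i < 1000; i++) {
            try { g.connect(); } catch (SQLException expected) { /* request fails fast */ }
        }
        System.out.println("logon attempts sent for 1000 requests: " + attempts[0]);
    }
}
```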
