RE: DoS attack from java connections - how to avoid - SOLUTION maybe

From: John Hallas <John.Hallas_at_morrisonsplc.co.uk>
Date: Thu, 2 Sep 2010 11:16:39 +0100
Message-ID: <A92AF970568F9A4BAB18E10F9C64ED606B2C259957_at_EXCH2.morrisonsplc.co.uk>



Thanks for the responses. The sqlnet.expire_time feature did not work in my scenario; however, the listener connection rate parameter suggested by Grzegorz Goryszewski worked a treat.

I have blogged about it at http://jhdba.wordpress.com/2010/09/02/using-the-connection_rate-parameter-to-stop-dos-attacks/

John
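For reference, the two server-side settings discussed in this thread, written out as an added example (not John's configuration or the text of his blog post; host name and limits are illustrative placeholders). SQLNET.EXPIRE_TIME only probes sessions that already exist, which is why it did not help with a storm of failed logons; the listener rate limit caps how fast new connections are accepted in the first place.

```text
# sqlnet.ora on the database server
# Dead connection detection: probe idle sessions every 10 minutes and
# release server processes whose client has gone away. It does nothing
# for connection attempts that never get past logon.
SQLNET.EXPIRE_TIME = 10

# listener.ora on the database server (Oracle 11g and later syntax)
# Maximum number of new connections per second across all endpoints
# marked RATE_LIMIT = yes. Excess attempts are queued, not forked into
# server processes, so a client hammering a locked account cannot
# exhaust memory on the host. 10/sec is an illustrative value; size it
# from the normal connect rate seen in listener.log.
CONNECTION_RATE_LISTENER = 10

LISTENER =
  (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = TCP)(HOST = db-host.example)(PORT = 1521)(RATE_LIMIT = yes))
  )
```

After changing listener.ora, `lsnrctl reload` picks up the new setting; a client with a locked account then still gets ORA-28000, but only at the throttled rate.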

-----Original Message-----
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of D'Hooge Freek
Sent: 31 August 2010 16:59
To: John Hallas; oracle_l
Subject: RE: DoS attack from java connections - how to avoid

John,

These "dead" processes, are they processes on the db server or on the application server? In neither case does it seem normal to me that a process keeps existing after a failed connection attempt, but if this is on the db server you can try whether enabling dead client detection (sqlnet.expire_time) would help in cleaning up those processes.

Regards,

Freek D'Hooge
Uptime
Oracle Database Administrator
email: freek.dhooge_at_uptime.be
tel +32(0)3 451 23 82
http://www.uptime.be
disclaimer: www.uptime.be/disclaimer

--
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of John Hallas
Sent: Tuesday 31 August 2010 11:07
To: oracle_l
Subject: DoS attack from java connections - how to avoid

We had an application that repeatedly connects to the database via a Java connection pool fail because the account had become locked.
The application kept on trying, the database did not allow the connection, and we ended up with thousands of 'dead' processes causing the Unix server to hang as all memory was used up.

The obvious thing to fix in our case was some form of application logic to recognise that failed connections had been made and stop the repeated connection attempts.

However, this could also be used in a denial of service attack. What steps could we take to reduce that risk? The problem as I see it is that the database has reacted correctly and there is not much more we could do at the database level. However, I am always open to suggestions.

John

www.jhdba.wordpress.com
______________________________________________________________________
Wm Morrison Supermarkets Plc is registered in England with number 358949. The registered office of the company is situated at Gain Lane, Bradford, West Yorkshire BD3 7DL. This email and any attachments are intended for the addressee(s) only and may be confidential. If you are not the intended recipient, please inform the sender by replying to the email that you have received in error and then destroy the email. If you are not the intended recipient, you must not use, disclose, copy or rely on the email or its attachments in any way. This email does not constitute a contract in writing for the purposes of the Law of Property (Miscellaneous Provisions) Act 1989. Our Standard Terms and Conditions of Purchase, as may be amended from time to time, apply to any contract that we enter into. The current version of our Standard Terms and Conditions of Purchase is available at: http://www.morrisons.co.uk/gscop Although we have taken steps to ensure the email and its attachments are virus-free, we cannot guarantee this or accept any responsibility, and it is the responsibility of recipients to carry out their own virus checks.
______________________________________________________________________
-- http://www.freelists.org/webpage/oracle-l
Received on Thu Sep 02 2010 - 05:16:39 CDT