Re: Keeping a DB from Phoning Home...

From: Mark Bobak <>
Date: Thu, 12 Sep 2013 16:10:51 +0000
Message-ID: <>

Er, that should be "".

On 9/12/13 12:09 PM, "Bobak, Mark" <> wrote:

>Hi Dave,
>I'm not sure how much flexibility you have, but, if the goal is to allow
>communication w/ the app server, but be 100% sure that there is no way for
>the db to talk to anything else, then just put the app servers and the db
>server in the same LAN, and use IP addresses from the private,
>non-routable blocks, such as or The db and app
>servers will be able to talk to each other, but there's no chance that
>they will be able to get to any other systems, or that any other systems
>would be able to talk to them.
>If you're not sure how to do that, you may want to have a chat with your
>network engineering group. It should be pretty trivial to set up.
>Hope that helps,
>On 9/12/13 11:07 AM, "David Mann" <> wrote:
>>I am helping a sysadmin archive a regulated system that is slated for
>>retirement. Long story short is we have it up and running on a HP-UX
>>emulator but have the network interfaces turned off. We also have some
>>servers that will be archived parallel to the server the DB is running
>>The goal is to be able to turn on the network interfaces so we can access
>>the DB with the app servers for some validation activities before the
>>archival... but we don't know the condition of the database, it is a
>>black box to us. We want to make sure it does not try to access any
>>resources like DB Links, sockets opened with Java, etc. as we are not
>>what other internal systems it was communicating with when it was turned
>>The sysadmin currently has the DB running and all network interfaces
>>off. I was thinking of starting the DB and using NetStat or whatever the
>>HP-UX equivalent was but with interfaces turned off I don't think we
>>be able to observe any outgoing port activity.
>>So I get access to SQL*Plus on the console later this week. My plan so
>>is to check the following things before turning on the network interfaces
>>and starting up the DB:
>>1) Set OPEN_LINKS to 0 to prevent attempts to open DB links.
>>2) Set JOB_QUEUES_PROCESSES to 0 - I don't have evidence that any jobs
>>cause something to initiate network access but want to cover the bases.
>>3) Check DBA_JAVA_POLICY for any Network/Socket related policies and
>>investigate further if I find any.
>>4) ??? :)
>>After that I'm stumped. If you had a 9i DB that was a black box to you
>>were trying to ensure it was not going to try to initiate any outgoing
>>activity when you started it up what would you do?
>>Dave Mann
>>General Geekery |
>>Database Geekery | | _at_ba6dotus |

Received on Thu Sep 12 2013 - 18:10:51 CEST

Original text of this message