Fw: dba_audit_session
From: Chris King <ckaj111_at_yahoo.ca>
Date: Thu, 07 May 2015 15:47:01 +0000
Message-ID: <1065197566.2475703.1431013620514.JavaMail.yahoo_at_mail.yahoo.com>
dbconsole has reported that "There have been 1068 failed login attempts in the last 30 minutes." So I did a select on dba_audit_sessions where returncode !=0 and found that in every case, the os_username is oracle, the returncode is 1017 (invalid username/password).. but.. and here's my question.. the username field of dba_audit_session varies and does not contain database username. Some of the 70 different values are "MSGBOX(" "HTTPS:" ".EXAMPLE.COM" "AND1=1". How can I further track down what is happening?
Date: Thu, 07 May 2015 15:47:01 +0000
Message-ID: <1065197566.2475703.1431013620514.JavaMail.yahoo_at_mail.yahoo.com>
dbconsole has reported that "There have been 1068 failed login attempts in the last 30 minutes." So I did a select on dba_audit_sessions where returncode !=0 and found that in every case, the os_username is oracle, the returncode is 1017 (invalid username/password).. but.. and here's my question.. the username field of dba_audit_session varies and does not contain database username. Some of the 70 different values are "MSGBOX(" "HTTPS:" ".EXAMPLE.COM" "AND1=1". How can I further track down what is happening?
Note that this has only begun happening since I applied COST to restrict instance registration in Oracle RAC (Doc ID 1340831.1), so could be related, but it's not clear how the change would cause this. Thanks in advance all!
-- http://www.freelists.org/webpage/oracle-lReceived on Thu May 07 2015 - 17:47:01 CEST