Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: web app gets max processes about every three months

Re: web app gets max processes about every three months

From: Joel Rees <jreesmf_at_mac.com>
Date: 6 Aug 2002 02:28:48 -0700
Message-ID: <f0d5086.0208060128.6c1bcf24@posting.google.com> 





I found this description of vulnerabilities in Oracle, and the fourth
DOS sounds like it might cause the process allocation count to
suddenly rise:



http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?id=advise82
http://www.iss.net/security_center/static/6716.php



The vulnerability uses the ability to send a command over multiple
packets to hang the listener. If this would cause the process count to
rise suddenly, it would be a possible source of the problems I'm
having.



Would appreciate opinions.



I wrote in message news:<f0d5086.0208050239.31d4911b_at_posting.google.com>...


> Wrote a question about this about six weeks back, still looking for

> answers.

> 

> We have a web app, Oracle on a dedicated machine, php and apache on a

> separate machine, and three times in the past eight months, our php

> logs tell us that oracle has got maximum processes allocated, and it

> stays there until the customer resets the Oracle server. Host system

> on each machine is MSW2k.

> 

> Analyzing the logs does reveal the customer testing the site on one

> occasion, otherwise, there don't seem to be any patterns. See some

> apparent web-bot activity, some possible cheap tries at breaking in,

> but no evidence of actual intrusion or DOS attacks. (Maybe. I just

> remembered mention of one DOS attack that some versions of Oracle are

> supposedly vulnerable to that I haven't checked against.)

> 

> Anyone for whom these sort of symptoms rings a bell, please post me

> some more clues.

> 

> So far, my searching seems to indicate that MSW2k should simply be

> expected to go south every now and then, and that once in three months

> is not that often for a re-boot.

> 

> (One reply to my previous post:)

> 

> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&threadm=f0d5086.0206261901.372e6725%40posting.google.com&rnum=1&prev=/groups%3Fhl%3Den%26lr%3D%26ie%3DISO-8859-1%26q%3Djoel%2Brees%2Bdatabase%26meta%3D

> 

> One post I dug up elsewhere suggested a dedicated swap drive, with

> swap min=max so that the swap files don't get re-allocated and

> fragmented.

> 

> Would sure appreciate some more suggestions.

> 

> Joel Rees

Received on Tue Aug 06 2002 - 04:28:48 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US