Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 


Re: Possible Security Breach

From: Paul Drake <bdbafh_at_gmail.com>
Date: 27 Aug 2004 09:50:37 -0700
Message-ID: <910046b4.0408270850.3a98a695@posting.google.com>


rc <rc_at_spam.com> wrote in message news:<00pti0p8lb8v5ceeed2bugovv0r5gs2fhl_at_4ax.com>...
> Well here is the tnsnames.ora
> ///////////////////////////////////////////////////////////////////////////////////////////
> # TNSNAMES.ORA Network Configuration File: /opt/oracle/product/8.1.7/network/admin/tnsnames.ora
> # Generated by Oracle configuration tools.
>
> TEST =
>   (DESCRIPTION =
>     (ADDRESS_LIST =
>       (ADDRESS = (PROTOCOL = TCP)(HOST = sunoracle)(PORT = 1521))
>     )
>     (CONNECT_DATA =
>       (SERVICE_NAME = TEST)
>     )
>   )
>
> SUN =
>   (DESCRIPTION =
>     (ADDRESS_LIST =
>       (ADDRESS = (PROTOCOL = TCP)(HOST = sunoracle)(PORT = 1521))
>     )
>     (CONNECT_DATA =
>       (SERVICE_NAME = SUN)
>     )
>   )
>
> INST1_HTTP =
>   (DESCRIPTION =
>     (ADDRESS_LIST =
>       (ADDRESS = (PROTOCOL = TCP)(HOST = sunoracle)(PORT = 1521))
>     )
>     (CONNECT_DATA =
>       (SERVER = SHARED)
>       (SERVICE_NAME = TEST)
>       (PRESENTATION = http://admin)
>     )
>   )
>
> EXTPROC_CONNECTION_DATA =
>   (DESCRIPTION =
>     (ADDRESS_LIST =
>       (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
>     )
>     (CONNECT_DATA =
>       (SID = PLSExtProc)
>       (PRESENTATION = RO)
>     )
>   )
>
> ///////////////////////////////////////////////////////////////////////////////////////////////////
>
> There is nothing in here about the blueyounder host our server is
> trying to contact.
>
> Can I ask someone what the PLSExtProc does? This is the first time I
> have had to look into this, and I know little about the tnslistener.

More than likely, the PLSExtProc Listener is not in use. It is a security hazard if it is not locked down appropriately. Check out Pete Finnigan's site for more regarding this, as well as Metalink.
http://www.petefinnigan.com/

Remove its entry from the listener.ora file and stop/restart your listener.
Remove its entry from the tnsnames.ora file.

TNSNAMES is not the only method of resolving a connect string. HOSTNAME can also be used, as well as ONAMES.

If you have a stale db_link that could be resolved via DNS, that could explain the outbound connection attempts.

You could enable client tracing on the Oracle server. That would trace all client Oracle networking client attempts.

-bdbafh

Received on Fri Aug 27 2004 - 11:50:37 CDT
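
The check discussed in the reply, as an added example that is not part of the original thread: a small Python audit of a tnsnames.ora that flags extproc entries and any HOST not on an expected list. The function names, the `OLDLINK` alias and its host name are constructed for illustration, and only an exact `KEY = EXTPROC` is matched.

```python
import re

# Constructed sample modelled on the entries quoted in the thread;
# OLDLINK and its host name are invented for illustration.
SAMPLE = """\
# tnsnames.ora (constructed sample)
TEST =
  (DESCRIPTION =
    (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = sunoracle)(PORT = 1521)))
    (CONNECT_DATA = (SERVICE_NAME = TEST)))
EXTPROC_CONNECTION_DATA =
  (DESCRIPTION =
    (ADDRESS_LIST = (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC)))
    (CONNECT_DATA = (SID = PLSExtProc)(PRESENTATION = RO)))
OLDLINK =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = stale.example.invalid)(PORT = 1521))
    (CONNECT_DATA = (SERVICE_NAME = OLD)))
"""

ALIAS = re.compile(r"([A-Za-z0-9_.\-]+)\s*=\s*\(")
LEAF = re.compile(r"\(\s*(\w+)\s*=\s*([^()\s][^()]*?)\s*\)")

def split_entries(text):
    """Map each top-level alias to its descriptor by tracking paren depth."""
    text = re.sub(r"#.*", "", text)           # drop comments
    entries, end = {}, 0
    for m in ALIAS.finditer(text):
        if m.start() < end:                   # keyword inside previous descriptor
            continue
        i, depth = m.end(), 1                 # just past the opening "("
        while i < len(text) and depth:
            depth += {"(": 1, ")": -1}.get(text[i], 0)
            i += 1
        entries[m.group(1).upper()] = text[m.end() - 1:i]
        end = i
    return entries

def audit(text, known_hosts):
    """Return (alias, finding) pairs for extproc entries and unlisted hosts."""
    findings = []
    for alias, desc in split_entries(text).items():
        params = [(k.upper(), v) for k, v in LEAF.findall(desc)]
        upper = {(k, v.upper()) for k, v in params}
        if {("PROTOCOL", "IPC"), ("KEY", "EXTPROC")} <= upper or ("SID", "PLSEXTPROC") in upper:
            findings.append((alias, "extproc"))
        findings += [(alias, "unknown-host:" + v) for k, v in params
                     if k == "HOST" and v.lower() not in known_hosts]
    return findings
```

Calling `audit(SAMPLE, {"sunoracle"})` reports the extproc alias and the one host outside the expected set; the same HOST check can be pointed at listener.ora, which uses the same parenthesised syntax.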
