use this option its very efficient. TCP.EXCLUDED_NODES Purpose Use the parameter TCP.EXCLUDED_NODES to specify which clients are denied access to the database. Syntax TCP.EXCLUDED_NODES=(hostname | ip_address, hostname | ip_address, ...) Example TCP.EXCLUDED_NODES=(finance.us.acme.com, mktg.us.acme.com, 144.25.5.25) TCP.INVITED_NODES Purpose Use the parameter TCP.INVITED_NODES to specify which clients are allowed access to the database. This list takes precedence over the TCP.EXCLUDED_NODES parameter if both lists are present. Syntax TCP.INVITED_NODES=(hostname | ip_address, hostname | ip_address, ...) Example TCP.INVITED_NODES=(sales.us.acme.com, hr.us.acme.com, 144.185.5.73) TCP.VALIDNODE_CHECKING ________________________________ From: "Goulet, Richard" <Richard.Goulet@xxxxxxxxxxx> To: gabriel.aragon@xxxxxx; oracle-l@xxxxxxxxxxxxx Sent: Monday, August 31, 2009 1:00:53 PM Subject: RE: Block db access by IP and username "I was thinking about using an after logon trigger to detect username and IP and kill session if it doest fit with required values, but I think this is a little bit rude." No it isn't. Dick Goulet Senior Oracle DBA/NA Team Lead PAREXEL International ________________________________ From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Aragon, Gabriel (GE, Corporate, consultant) Sent: Monday, August 31, 2009 3:53 PM To: oracle-l@xxxxxxxxxxxxx Subject: Block db access by IP and username Hi all, long time no checking this list. I have a security question. I need to block access to db by IP and username, let's say that I need that user XXXX can connect ONLY from IP aaa.bbb.ccc.ddd, that is, if user XXXX wants to connect from another IP, access will be denied. I was thinking about using an after logon trigger to detect username and IP and kill session if it doest fit with required values, but I think this is a little bit rude. The other option I verified was using sqlnet.ora configuration but this only filters by IP and I would have to add all posssible IP's but doesnt filter users, and this is not what I need. Any ideas? TIA Gabriel