We have disabled failed login attempts altogether. This is a vector for a DoS attack. There are better strategies to deal with the issue.

---------------------------------------------------------------------------------

From: John Hallas <John.Hallas@morrisonsplc.co.uk>
Sent by: oracle-l-bounce@freelists.org
To: oracle_l <ORACLE-L@xxxxxxxxxxxxx>
Date: 2010.08.31 12:07
Subject: DoS attack from java connections - how to avoid
Please respond to: John.Hallas@morrisonsplc.co.uk

We had an application that repeatedly connects to the database via java connection pool fail because the account had become locked. The application kept on trying, the database did not allow the connection and we ended up with thousands of ‘dead’ processes causing the unix server to hang as all memory was used up.

The obvious thing to fix in our case was some form of application logic to recognise that failed connections had been made and stop the repeated connection attempts.

However this could also be used in a denial of service attack. What steps could we take to reduce that risk?

The problem as I see it is that the database has reacted correctly and there is not much more we could do at the database level. However I am always open to suggestions.

John
www.jhdba.wordpress.com
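The application-side fix described in the original message (recognise failed connections and stop retrying), sketched as an added example that is not code from either poster. The class name, the `ConnectionSource` hook and the five-minute cool-down are assumptions; it also assumes the JDBC driver reports the ORA number through `SQLException.getErrorCode()`, and it treats ORA-28000 (account locked) and ORA-01017 (invalid credentials) as failures that retrying cannot fix.

```java
import java.sql.Connection;
import java.sql.SQLException;
import java.time.Duration;
import java.time.Instant;

public class LoginCircuitBreaker {
    /** Hypothetical hook for whatever the pool uses to open a physical connection. */
    public interface ConnectionSource { Connection open() throws SQLException; }
    private final ConnectionSource source;
    private final Duration coolDown;
    private Instant blockedUntil = Instant.MIN;
    private SQLException lastAuthError;

    public LoginCircuitBreaker(ConnectionSource source, Duration coolDown) {
        this.source = source;
        this.coolDown = coolDown;
    }
    // Vendor codes where another attempt cannot succeed until someone intervenes.
    private static boolean isAuthFailure(SQLException e) {
        return e.getErrorCode() == 28000 || e.getErrorCode() == 1017;
    }

    public synchronized Connection open() throws SQLException {
        if (Instant.now().isBefore(blockedUntil)) {
            // Fail inside the JVM: no socket is opened, so no server process is created.
            throw new SQLException("login suspended after authentication failure", lastAuthError);
        }
        try {
            return source.open();
        } catch (SQLException e) {
            if (isAuthFailure(e)) {
                lastAuthError = e;
                blockedUntil = Instant.now().plus(coolDown); // give the DBA time to unlock
            }
            throw e; // other errors (network, listener) keep the pool's normal retry policy
        }
    }
    public static void main(String[] args) {
        int[] reachedDatabase = {0};
        // Constructed stand-in for a locked account; a real source would call the JDBC driver.
        ConnectionSource locked = () -> {
            reachedDatabase[0]++;
            throw new SQLException("ORA-28000: the account is locked", "28000", 28000);
        };
        LoginCircuitBreaker breaker = new LoginCircuitBreaker(locked, Duration.ofMinutes(5));
        for (int i = 0; i < 1000; i++) {
            try { breaker.open(); } catch (SQLException ignored) { }
        }
        System.out.println("attempts that reached the database: " + reachedDatabase[0]);
    }
}
```

The breaker only limits what a well-behaved client sends; connections from other clients still have to be bounded on the database or listener side.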