RE: DoS attack from java connections - how to avoid

  • From: D'Hooge Freek <Freek.DHooge@xxxxxxxxx>
  • To: "John.Hallas@xxxxxxxxxxxxxxxxxx" <John.Hallas@xxxxxxxxxxxxxxxxxx>, oracle_l <ORACLE-L@xxxxxxxxxxxxx>
  • Date: Tue, 31 Aug 2010 17:58:41 +0200

John,

These "dead" processes, are they processes on the db server or on the 
application server?
In neither case it seems normal to me that a process keeps existing after a 
failed connection attempt, but if this is on the db server you can try if 
enabling dead client detection (sqlnet.expire_time) would help in cleaning up 
those processes.

Regards,


Freek D'Hooge
Uptime
Oracle Database Administrator
email: freek.dhooge@xxxxxxxxx
tel +32(0)3 451 23 82
http://www.uptime.be
disclaimer: www.uptime.be/disclaimer
--
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On 
Behalf Of John Hallas
Sent: Tuesday 31 August 2010 11:07
To: oracle_l
Subject: DoS attack from java connections - how to avoid

We had an application that repeatedly connects to the database via java 
connection pool fail because the account had become locked. 
The application kept on trying, the database did not allow the connection and 
we ended up with thousands of 'dead' processes causing the unix server to hang 
as all memory was used up.

The obvious thing to fix in our case was some form of application logic to 
recognise that failed connections had been made and stop the repeated 
connection attempts.

However this could also be used in a denial of service attack. What steps could 
we take to reduce that risk? The problem as I see it is that the database has 
reacted correctly and there is not much more we could do at the database level. 
However I am always open to suggestions.

John

www.jhdba.wordpress.com
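
The application-side logic mentioned in the thread (recognise that connection attempts are failing and stop repeating them), sketched as an added example that is not code from either poster. The `ConnectGuard` class, the `Connector` hook, and the timing constants are hypothetical; the guard treats ORA-28000 (account locked), ORA-01017 and ORA-28001 as errors that retrying cannot fix, and backs off exponentially on everything else.

```java
import java.sql.Connection;
import java.sql.SQLException;
import java.util.Set;

/** Hypothetical guard placed in front of whatever opens JDBC connections for the pool. */
public class ConnectGuard {
    /** Hypothetical hook: the code that really dials the database. */
    public interface Connector { Connection open() throws SQLException; }

    // ORA-28000 account locked, ORA-01017 bad credentials, ORA-28001 password expired:
    // a retry cannot succeed and only creates more server-side processes.
    private static final Set<Integer> FATAL = Set.of(28000, 1017, 28001);
    private static final long BASE_MS = 500, MAX_MS = 60_000, FATAL_HOLD_MS = 300_000;

    private final Connector connector;
    private long openUntil = 0;   // attempts are rejected locally until this time
    private int failures = 0;     // consecutive failures, drives the backoff

    public ConnectGuard(Connector connector) { this.connector = connector; }

    public synchronized Connection connect() throws SQLException {
        long now = System.currentTimeMillis();
        if (now < openUntil)      // fail fast: nothing is sent to the listener
            throw new SQLException("connect suppressed for " + (openUntil - now) + " ms");
        try {
            Connection c = connector.open();
            failures = 0;
            return c;
        } catch (SQLException e) {
            failures++;
            openUntil = now + holdMillis(e.getErrorCode(), failures);
            throw e;
        }
    }

    /** How long to stop dialing after this vendor error code and failure count. */
    static long holdMillis(int errorCode, int failures) {
        if (FATAL.contains(errorCode)) return FATAL_HOLD_MS;
        int shift = Math.min(failures - 1, 20);   // cap the shift to avoid overflow
        return Math.min(MAX_MS, BASE_MS << shift);
    }

    public static void main(String[] args) {
        // Constructed stand-in for a locked account: every real attempt raises ORA-28000.
        ConnectGuard g = new ConnectGuard(() -> {
            throw new SQLException("ORA-28000: the account is locked", "99999", 28000);
        });
        for (int i = 0; i < 3; i++)
            try { g.connect(); } catch (SQLException e) { System.out.println(e.getMessage()); }
    }
}
```

Run against the constructed locked-account stub, only the first call reaches the connector; the next two are rejected inside the application without opening a session.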


