RE: Oracle rootkit

• From: "MacGregor, Ian A." <ian@xxxxxxxxxxxxxxxxx>
• To: "Li-Shan Cheng" <exriscer@xxxxxxxxx>
• Date: Mon, 30 Jan 2006 14:18:46 -0800

No, it does it without error.  Of course I cannot "lsnrctl stat" it.

Ian 

-----Original Message-----
From: Li-Shan Cheng [mailto:exriscer@xxxxxxxxx] 
Sent: Thursday, January 26, 2006 1:14 PM
To: MacGregor, Ian A.
Cc: Jared Still; oracledba.williams@xxxxxxxxx; oracle-l
Subject: Re: Oracle rootkit

Dont you see this error?!
 
 
Error listening on: 
(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=rac02.risc.com)(PORT=1522)))
TNS-12542: TNS:address already in use
 TNS-12560: TNS:protocol adapter error
  TNS-00512: Address already in use 
   Linux Error: 98: Address already in use
 
I have already a listener started at port 1522
 


 
On 1/26/06, MacGregor, Ian A. <ian@xxxxxxxxxxxxxxxxx> wrote: 

        Thanks I've never tried to start a listener remotely, and was wondering 
why the start was not password protected.  On our oracle 10 databases, Oracle 
every once in a while decides to startup a second listener on the same port.  
This happens sporadically but we get this on at least one daytabase very three 
or four months.  It may have something to do with OEM.  Anyway, having two 
listeners on the same  port results in a denial of service. 
        
        Ian
        
        -----Original Message-----
        From: Jared Still [mailto:jkstill@xxxxxxxxx]
        Sent: Thursday, January 26, 2006 9:12 AM
        To: MacGregor, Ian A.
        Cc: oracledba.williams@xxxxxxxxx <mailto:oracledba.williams@xxxxxxxxx> 
; oracle-l
        Subject: Re: Oracle rootkit
        
        
        
        On 1/25/06, MacGregor, Ian A. <ian@xxxxxxxxxxxxxxxxx> wrote:
        
        
               On a related topic, Oracle sometimes decides to startua second 
listener on the same port; there by causing denial of service. 
        
        
        
        If you mean the server does this automatically, can you explain?  I'm 
not familiar with that.
        
        
        
               Under Oracle 9i and before the password only provided protection 
against shutting down the listener, not starting it up. 
        
        
        
        IIRC you can shut down the listener remotely, but need to be on the 
server to start it.
        This applies to unix and linux.
        
        On windows, anyone with admin access can remotely stop/start the 
listener through the Services applet. 
        
        
        --
        Jared Still
        Certifiable Oracle DBA and Part Time Perl Evangelist
        
        
        
        --
        http://www.freelists.org/webpage/oracle-l
        
        
        


--
http://www.freelists.org/webpage/oracle-l

• » Oracle rootkit
• » Re: Oracle rootkit
• » Re: Oracle rootkit
• » RE: Oracle rootkit
• » Re: Oracle rootkit
• » RE: Oracle rootkit
• » Re: Oracle rootkit
• » Re: Oracle rootkit
• » Re: Oracle rootkit
• » RE: Oracle rootkit
• » Re: Oracle rootkit
• » RE: Oracle rootkit
• » RE: Oracle rootkit
• » RE: Oracle rootkit

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription