Re: Oracle rootkit

On 1/26/06, Jared Still <jkstill@xxxxxxxxx> wrote:
>
>
>
> On 1/25/06, MacGregor, Ian A. <ian@xxxxxxxxxxxxxxxxx> wrote:
> >
> >
> > On a related topic, Oracle sometimes decides to startua second listener
> > on the same port; there by causing denial of service.
>
>
>
> If you mean the server does this automatically, can you explain?  I'm not
> familiar with that.
>
> Under Oracle 9i and before the password only provided protection against
> > shutting down the listener, not starting it up.
> >
>
> IIRC you can shut down the listener remotely, but need to be on the server
> to start it.
> This applies to unix and linux.
>
> On windows, anyone with admin access can remotely stop/start the listener
> through the Services applet.
>
>
> --
> Jared Still
> Certifiable Oracle DBA and Part Time Perl Evangelist
>
>
>
Jared,

I've seen a second listener started up on the same port, hosing both
listener proceses.
RHEL 3 AS, Oracle 10g R1 Standard Edition, 10.1.0.4.
It was not determined how a 2nd listener process was started on the server.

Paul

Other related posts: