Re: Listener Lockout Feature
Hi Ethan,
I have not heard that Oracle will include a lock out on the listener, but I did hear that they will change the listener to allow the text strings to be changed dynamically so that listeners can be made "silent" in terms of the banner info they give out.
It would be nice if Oracle did put a lock out on the listener though to prevent brute force attacks and password management features - Are you listening Mary Ann??
The listener can be easily brute forced as there is, as you know, no lock out and no facilities to enforce strong passwords. Brute forcing is easy: just send a lot of "set password" commands to the listener from a script. Failed attempts will be sent to the log file as error TNS-01169 if logging is set with "set log_status on".
hth
kind regards
Pete
--
Pete Finnigan
email:pete_at_petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.
--
Author: Pete Finnigan
INET: oracle_list_at_peterfinnigan.demon.co.uk
Received on Wed Sep 03 2003 - 12:29:47 CDT
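
Since the listener has no lockout, the TNS-01169 entries mentioned in the message are the signal available to a defender. The following is an added example, not part of the original post: it counts TNS-01169 failures in listener log text and reports bursts. The log entry layout, the sample lines, the threshold of 5 failures in 60 seconds, and the names `failed_password_times`, `find_bursts` and `entry` are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

MONTHS = {m: i for i, m in enumerate(
    "JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC".split(), start=1)}
# Assumed entry layout: "DD-MON-YYYY HH:MI:SS * ..." at the start of a line.
STAMP = re.compile(r"^(\d{2})-([A-Z]{3})-(\d{4}) (\d{2}):(\d{2}):(\d{2}) \*")

def failed_password_times(log_text):
    """One timestamp per TNS-01169 line, from the nearest preceding entry."""
    times, last_stamp = [], None
    for line in log_text.splitlines():
        m = STAMP.match(line)
        if m and m.group(2) in MONTHS:
            d, mon, y, hh, mi, ss = m.groups()
            last_stamp = datetime(int(y), MONTHS[mon], *map(int, (d, hh, mi, ss)))
        if "TNS-01169" in line and last_stamp is not None:
            times.append(last_stamp)
    return times

def find_bursts(times, threshold=5, window=timedelta(seconds=60)):
    """(first, last, count) for each run of >= threshold failures that all
    fall within `window` of the run's first failure."""
    times, bursts, i = sorted(times), [], 0
    while i < len(times):
        j = i
        while j < len(times) and times[j] - times[i] <= window:
            j += 1
        if j - i >= threshold:
            bursts.append((times[i], times[j - 1], j - i))
            i = j  # do not alert twice on the same failures
        else:
            i += 1
    return bursts

def entry(stamp, code):
    """Build one constructed log entry (not real listener output)."""
    line = f"{stamp} * (CONNECT_DATA=(COMMAND=status)(SERVICE=LISTENER)) * status * {code}"
    if code == 1169:
        line += "\nTNS-01169: The listener has not recognized the password"
    return line

# Constructed sample: one success, one stray failure, six failures in six
# seconds, and one later failure.
SAMPLE_LOG = "\n".join(
    [entry("03-SEP-2003 09:15:02", 0), entry("03-SEP-2003 09:15:30", 1169)]
    + [entry(f"03-SEP-2003 12:29:4{s}", 1169) for s in range(1, 7)]
    + [entry("03-SEP-2003 14:00:00", 1169)])
```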