Oracle Database


Parameters for Enhanced Security of Database Communication

Reporting Bad Packets Received on the Database from Protocol Errors

Networking communication utilities such as Oracle Call Interface (OCI) or Two-Task Common (TTC) can generate a large disk file containing a stack trace and heap dump when the server receives a bad packet, an out-of-sequence packet, or a private or unused remote procedure call. This disk file can grow quite large. An intruder can potentially cripple a system by repeatedly sending bad packets to the server, which results in disk flooding and denial of service. An unauthenticated client can also mount this type of attack.

You can mitigate these attacks by setting the SEC_PROTOCOL_ERROR_TRACE_ACTION initialization parameter to one of the following values:

■ None: Configures the server to ignore bad packets and generate no trace files or log messages. Use this setting only if server availability is overwhelmingly more important than knowing that bad packets are being received. For example: SEC_PROTOCOL_ERROR_TRACE_ACTION = None

■ Trace (default setting): Creates the full trace files. This setting is useful for debugging, for example when a network client is sending bad packets as a result of a bug, but it leaves the server exposed to the disk-flooding attack described above. For example: SEC_PROTOCOL_ERROR_TRACE_ACTION = Trace

■ Log: Writes a short, one-line message to the server trace file. This choice balances some level of auditing with system availability. For example: SEC_PROTOCOL_ERROR_TRACE_ACTION = Log

■ Alert: Writes a short, one-line error message to the server trace file and to the alert log. For example: SEC_PROTOCOL_ERROR_TRACE_ACTION = Alert

Terminating or Resuming Server Execution After Receiving a Bad Packet

After Oracle Database detects a client or server protocol error, it must decide whether to continue execution. Simply continuing subjects the server to further bad packets from the same connection, which can lead to disk flooding or denial-of-service attacks. You can control the further execution of a server process that is receiving bad packets from a potentially malicious client by setting the SEC_PROTOCOL_ERROR_FURTHER_ACTION initialization parameter to one of the following values:

■ Continue (default setting): Continues the server execution. However, be aware that the server remains subject to further attacks. For example: SEC_PROTOCOL_ERROR_FURTHER_ACTION = Continue


■ Delay,m: Delays the client m seconds before the server accepts the next request on the same client connection. This setting prevents malicious clients from
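The two parameters above are normally changed together, since a bounded log entry without a throttle still lets one connection spin the server, and a throttle without a log entry hides the attack. The following SQL*Plus session is an added example, not text from the Oracle Security Guide: it records the current values, applies the hardened settings as SYSDBA, and verifies them from V$PARAMETER. It assumes the instance runs from an SPFILE (so SCOPE=BOTH persists the change across restarts), that a 3-second delay is an acceptable penalty for the deployment, and that the parenthesized form (DELAY,m) follows the parameter's reference syntax; this page writes it only as Delay,m.

```sql
-- Added example (not from the Oracle Security Guide). Run as SYSDBA.
-- Assumptions: SPFILE in use; 3 seconds is an illustrative delay value.

-- 1. Baseline: record what is in force before changing anything.
--    An unhardened instance shows the defaults described on this page:
--    TRACE (full stack trace and heap dump per bad packet) and CONTINUE
--    (keep servicing the same connection), which together let an
--    unauthenticated client fill the trace destination at will.
SELECT name, value, isdefault, ismodified
  FROM v$parameter
 WHERE name IN ('sec_protocol_error_trace_action',
                'sec_protocol_error_further_action');

-- 2. Weak settings, spelled out only to make the contrast explicit.
--    Do not run these; they are the defaults being replaced.
--      SEC_PROTOCOL_ERROR_TRACE_ACTION   = Trace
--      SEC_PROTOCOL_ERROR_FURTHER_ACTION = Continue

-- 3. Hardened settings. ALERT keeps a one-line record in both the
--    server trace file and the alert log, so the event is still visible
--    to monitoring but the on-disk cost per bad packet is bounded.
--    (DELAY,3) makes the server wait 3 seconds before accepting the next
--    request on a connection that sent a bad packet, so a single
--    connection cannot send bad packets at a high rate.
--    Both parameters are dynamic, so no instance restart is required.
ALTER SYSTEM SET sec_protocol_error_trace_action   = 'ALERT'     SCOPE=BOTH;
ALTER SYSTEM SET sec_protocol_error_further_action = '(DELAY,3)' SCOPE=BOTH;

-- 4. Verify that the new values are in force on the running instance.
SELECT name, value, ismodified
  FROM v$parameter
 WHERE name IN ('sec_protocol_error_trace_action',
                'sec_protocol_error_further_action');
```

The same settings belong in a text PFILE as the lines this page shows (for example SEC_PROTOCOL_ERROR_TRACE_ACTION = Alert), so that a manually created instance does not silently fall back to the defaults. Note the scope of the delay: it applies to the connection that sent the bad packet, so it limits the rate per connection rather than the number of connections an attacker can open.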

Oracle Database Security Guide

