On Tuesday 19 August 2003 18:50, c g wrote:
> ...
> 1. Oracle 9i 9.2.0.1.0 Enterprise Database (with networking to clients)
> 2. Oracle 9i 9.2.0.1.0 Database Client (with networking)

Be sure to use Oracle's Advanced Security option for the SQL*Net ... errr, Net8 ... errr, 9i Net traffic. This is an Extra Cost Option. But without it the Oracle traffic is a clear text protocol. If you don't believe me, feel free to load up GPLed Ethereal and its TNS sniffing (TNS = Transparent Network Substrate, the "technical" term for Oracle's protocol) and let us know what you see :-))

Something else you will discover is that Oracle's Listener port - 1521 by default - is pretty benign. The client uses it to find the server and a data base thereon. Then the server dynamically assigns a port# (above the magic "1023" threshold) for that client's session and sends it back to the client. The client then, in turn, calls back on that port# to establish its connection with desired data base. This makes it difficult, for example, to do much in the way of filtering with IPTables unless you try to do something dynamically.

That port# will be shared with other clients if you are connecting to a Multi-Threaded Server (MTS) Dispatcher. And if you can identify that port# through some other means (hint: nmap), then you could actually use a connection descriptor that takes you directly to the Dispatcher, avoiding the Listener altogether ... at least I was able to do that when I tried it on 8i!

For the other case, you could also try identifying someone else's Dedicated Server port# and try connecting to that. Hopefully the results of that in 9i are the same as what I found in 8i ;-)

Barry J.
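
[Added example, not part of the original message: a detection sketch for the Listener bypass described above. It flags sessions on ports above 1023 of the database host that were not preceded by a Listener (1521) contact from the same client. The log format, the 10-second window and all names and addresses are assumptions constructed for illustration.]

```python
from datetime import datetime, timedelta

LISTENER_PORT = 1521                     # Oracle Listener default, per the post
REDIRECT_WINDOW = timedelta(seconds=10)  # assumed grace period for the call-back

# Constructed sample, one accepted TCP connection to the database host per
# line: "ISO-timestamp client-ip server-port" (assumed format, not Oracle's)
SAMPLE_LOG = """\
2003-08-19T18:00:00 10.0.0.5 1521
2003-08-19T18:00:01 10.0.0.5 34012
2003-08-19T18:05:00 10.0.0.9 34012
2003-08-19T18:06:00 10.0.0.7 1521
2003-08-19T18:09:30 10.0.0.7 34500
"""

def parse(log):
    """Yield (timestamp, client, port) for each non-empty log line."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, client, port = line.split()
        yield datetime.fromisoformat(ts), client, int(port)

def find_listener_bypass(log, window=REDIRECT_WINDOW):
    """Return (timestamp, client, port) for sessions on ports above 1023
    with no Listener contact from the same client within `window` before."""
    last_listener = {}   # client ip -> time of its latest Listener contact
    findings = []
    for ts, client, port in sorted(parse(log)):
        if port == LISTENER_PORT:
            last_listener[client] = ts
        elif port > 1023:
            seen = last_listener.get(client)
            # Never asked the Listener, or asked too long ago to be a redirect
            if seen is None or ts - seen > window:
                findings.append((ts.isoformat(), client, port))
    return findings

if __name__ == "__main__":
    for finding in find_listener_bypass(SAMPLE_LOG):
        print("no preceding Listener contact:", *finding)
```
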