dbTalk Databases Forums

tcp.invited_nodes

comp.databases.oracle.server

#1 Chuck - tcp.invited_nodes - 06-29-2010, 01:01 PM

When using this parameter in sqlnet.ora, and specifying host names, are
there any checks performed to see if a hostname has been spoofed?
Perhaps comparing the client's IP with a DNS lookup of the host name?

#2 ddf - Re: tcp.invited_nodes - 06-29-2010, 01:39 PM

On Jun 29, 2:01 pm, Chuck <chuckh1958_nos... (AT) gmail (DOT) com> wrote:
Quote:
When using this parameter in sqlnet.ora, and specifying host names, are
there any checks performed to see if a hostname has been spoofed?
Perhaps comparing the client's IP with a DNS lookup of the host name?

No. The list is used 'as-is' without any verification via DNS lookup.

David Fitzjarrell

#3 Frank van Bortel - Re: tcp.invited_nodes - 06-29-2010, 02:18 PM

On 06/29/2010 08:39 PM, ddf wrote:
Quote:
On Jun 29, 2:01 pm, Chuck <chuckh1958_nos... (AT) gmail (DOT) com> wrote:
When using this parameter in sqlnet.ora, and specifying host names, are
there any checks performed to see if a hostname has been spoofed?
Perhaps comparing the client's IP with a DNS lookup of the host name?

No. The list is used 'as-is' without any verification via DNS lookup.

David Fitzjarrell

Not quite, David.

I cannot recall what exactly was the matter,
but I have had one instance where the listener
would not start because one of the clients
mentioned no longer existed.
Not sure if it was a DNS lookup to find the IP-address,
or the reverse (and the IP-address (DHCP!) was no
longer available).

Quite horrible if that's a production system, because
you will have to go through each and every name (in
case of DHCP clients) or IP-address (servers).

--

Regards,

Frank van Bortel

#4 Mladen Gogala - Re: tcp.invited_nodes - 06-29-2010, 03:42 PM

On Tue, 29 Jun 2010 21:18:16 +0200, Frank van Bortel wrote:

Quote:
On 06/29/2010 08:39 PM, ddf wrote:
On Jun 29, 2:01 pm, Chuck <chuckh1958_nos... (AT) gmail (DOT) com> wrote:
When using this parameter in sqlnet.ora, and specifying host names,
are there any checks performed to see if a hostname has been spoofed?
Perhaps comparing the client's IP with a DNS lookup of the host name?

No. The list is used 'as-is' without any verification via DNS lookup.

David Fitzjarrell

Not quite, David.

I cannot recall what exactly was the matter, but I have had one instance
where the listener would not start because one of the clients mentioned
no longer existed.
Not sure if it was a DNS lookup to find the IP-address, or the reverse
(and the IP-address (DHCP!) was no longer available).

Quite horrible if that's a production system, because you will have to
go through each and every name (in case of DHCP clients) or IP-address
(servers).

Based on my experience, it's far easier to block the undesired clients by
using the firewall rules than by using validnode checking. This feature
is useless.

--
http://mgogala.byethost5.com

#5 ddf - Re: tcp.invited_nodes - 06-30-2010, 06:51 AM

On Jun 29, 3:18 pm, Frank van Bortel <fbor... (AT) home (DOT) nl> wrote:
Quote:
On 06/29/2010 08:39 PM, ddf wrote:

On Jun 29, 2:01 pm, Chuck <chuckh1958_nos... (AT) gmail (DOT) com> wrote:
When using this parameter in sqlnet.ora, and specifying host names, are
there any checks performed to see if a hostname has been spoofed?
Perhaps comparing the client's IP with a DNS lookup of the host name?

No. The list is used 'as-is' without any verification via DNS lookup.

David Fitzjarrell

Not quite, David.

I cannot recall what exactly was the matter,
but I have had one instance where the listener
would not start because one of the clients
mentioned no longer existed.
Not sure if it was a DNS lookup to find the IP-address,
or the reverse (and the IP-address (DHCP!) was no
longer available).

Quite horrible if that's a production system, because
you will have to go through each and every name (in
case of DHCP clients) or IP-address (servers).

--

Regards,

Frank van Bortel

That was likely an operating system check on connectivity rather than
Oracle verifying the location. The OP was asking, if I read this
correctly, about spoofed IP addresses, indicating to me that the actual
server still exists but some unscrupulous malcontent is attempting to
connect via a spoofed IP. I doubt Oracle would catch such an
occurrence, happily allowing the spoofed access to the server.

David Fitzjarrell
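A pre-flight check for the situation Frank and David describe, added here as an example that is not from the thread: it parses TCP.INVITED_NODES out of a constructed sqlnet.ora fragment, separates IP literals from hostnames, and forward-resolves the hostnames, so a stale name is caught by the DBA before a listener restart instead of by the listener refusing to start. The sample addresses, hostnames and the resolver hook are assumptions; Oracle itself performs no such lookup, so this only validates the list against DNS at the moment it is run.

```python
import ipaddress
import re
import socket

# Constructed sample sqlnet.ora fragment (not from the thread); the invited
# list mixes IP literals with hostnames, the case the original poster asks about.
SAMPLE_SQLNET_ORA = """
TCP.VALIDNODE_CHECKING = YES
TCP.INVITED_NODES = (10.0.5.21, appsrv01.example.internal,
                     10.0.5.22, dba-laptop.example.internal)
"""

def parse_invited_nodes(text):
    """Return the entries of TCP.INVITED_NODES as a list of strings.
    The value is a parenthesised, comma-separated list that may span lines."""
    m = re.search(r"TCP\.INVITED_NODES\s*=\s*\(([^)]*)\)", text, re.IGNORECASE)
    if not m:
        return []
    return [e.strip() for e in m.group(1).split(",") if e.strip()]

def is_ip_literal(entry):
    """True for an IPv4/IPv6 address literal; such entries need no DNS at all."""
    try:
        ipaddress.ip_address(entry)
        return True
    except ValueError:
        return False

def default_resolver(name):
    """Forward-resolve a hostname; None if it does not resolve right now."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_invited_nodes(text, resolver=default_resolver):
    """Map each entry to 'ip', to its resolved address, or to 'UNRESOLVED'.
    'UNRESOLVED' is the stale-name case to fix before restarting the listener."""
    report = {}
    for entry in parse_invited_nodes(text):
        if is_ip_literal(entry):
            report[entry] = "ip"
        else:
            report[entry] = resolver(entry) or "UNRESOLVED"
    return report

if __name__ == "__main__":
    for entry, status in check_invited_nodes(SAMPLE_SQLNET_ORA).items():
        print(f"{entry:32} {status}")
```

Resolving the names says nothing about whether a connecting client is the host it claims to be; that is the spoofing gap David points out, which the list cannot close on its own.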

#6 Frank van Bortel - Re: tcp.invited_nodes - 07-03-2010, 08:43 AM

On 06/29/2010 10:42 PM, Mladen Gogala wrote:
Quote:
On Tue, 29 Jun 2010 21:18:16 +0200, Frank van Bortel wrote:

On 06/29/2010 08:39 PM, ddf wrote:
On Jun 29, 2:01 pm, Chuck <chuckh1958_nos... (AT) gmail (DOT) com> wrote:
When using this parameter in sqlnet.ora, and specifying host names,
are there any checks performed to see if a hostname has been spoofed?
Perhaps comparing the client's IP with a DNS lookup of the host name?

No. The list is used 'as-is' without any verification via DNS lookup.

David Fitzjarrell

Not quite, David.

I cannot recall what exactly was the matter, but I have had one instance
where the listener would not start because one of the clients mentioned
no longer existed.
Not sure if it was a DNS lookup to find the IP-address, or the reverse
(and the IP-address (DHCP!) was no longer available).

Quite horrible if that's a production system, because you will have to
go through each and every name (in case of DHCP clients) or IP-address
(servers).

Based on my experience, it's far easier to block the undesired clients by
using the firewall rules than by using validnode checking. This feature
is useless.

Not if you're internal - no firewall between client and server,
not in that direction anyway.

--

Regards,

Frank van Bortel

#7 Steve Howard - Re: tcp.invited_nodes - 07-03-2010, 09:48 AM

On Jul 3, 9:43 am, Frank van Bortel <fbor... (AT) home (DOT) nl> wrote:
Quote:
On 06/29/2010 10:42 PM, Mladen Gogala wrote:

On Tue, 29 Jun 2010 21:18:16 +0200, Frank van Bortel wrote:

On 06/29/2010 08:39 PM, ddf wrote:
On Jun 29, 2:01 pm, Chuck <chuckh1958_nos... (AT) gmail (DOT) com> wrote:
When using this parameter in sqlnet.ora, and specifying host names,
are there any checks performed to see if a hostname has been spoofed?
Perhaps comparing the client's IP with a DNS lookup of the host name?

No. The list is used 'as-is' without any verification via DNS lookup.

David Fitzjarrell

Not quite, David.

I cannot recall what exactly was the matter, but I have had one instance
where the listener would not start because one of the clients mentioned
no longer existed.
Not sure if it was a DNS lookup to find the IP-address, or the reverse
(and the IP-address (DHCP!) was no longer available).

Quite horrible if that's a production system, because you will have to
go through each and every name (in case of DHCP clients) or IP-address
(servers).

Based on my experience, it's far easier to block the undesired clients by
using the firewall rules than by using validnode checking. This feature
is useless.

Not if you're internal - no firewall between client and server,
not in that direction anyway.

--

Regards,

Frank van Bortel

It depends. We have internal firewalls configured for internal users,
allowing only production application server access (which is
presumably hardened) as well as DBAs with custom firewall rules.
Internal users are often the most dangerous.

#8 Mladen Gogala - Re: tcp.invited_nodes - 07-03-2010, 04:18 PM

On Sat, 03 Jul 2010 15:43:05 +0200, Frank van Bortel wrote:

Quote:
Not if you're internal - no firewall between client and server, not in
that direction anyway.

Each Linux server comes equipped with internal firewall. If you configure
it properly, nobody will be able to tell the difference.



--
http://mgogala.byethost5.com

#9 Frank van Bortel - Re: tcp.invited_nodes - 07-14-2010, 04:39 AM

On 07/03/2010 11:18 PM, Mladen Gogala wrote:
Quote:
On Sat, 03 Jul 2010 15:43:05 +0200, Frank van Bortel wrote:


Not if you're internal - no firewall between client and server, not in
that direction anyway

Each Linux server comes equipped with internal firewall. If you configure
it properly, nobody will be able to tell the difference.


Ah, Linux, yes. Seems difficult, or too new.
In the meantime, we will have to do with HP-UX...

Firewalling is done by the Network dept. HP-UX
is done by the UX dept (backups are part of
that, as it's an HP tape robot...), and Oracle
is done by yet another dept.

--

Regards,

Frank van Bortel