Call: +44 (0)1904 557620 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Pete Finnigan is now a member of the Oaktable network"] [Next entry: "Doug followed up on DBA_REGISTRY"]

Orablogs seems to be down - or maybe not!



I am an avid follower of the great http://www.orablogs.com - (broken link) Orablogs site and was saddened to notice that it has not been reachable for the last couple of days. I don't know if this is a global issue or a local one (I am UK based). I also noticed that someone had posted a question on comp.databases.oracl.server today asking http://groups-beta.google.com/group/comp.databases.oracle.server/browse_frm/thread/7a6c4852c519666b/3f771d58c22f030b?q=orablogs&rnum=1&hl=en#3f771d58c22f030b - (broken link) orablogs down?. I replied to that post on C.D.O.S. that it seems to be a DNS issue and also I suggested an alternate way to see Brian's site. I have emailed Brian to ask what the issue is as well.

The problem seems to be with DNS servers. But first some security background. I like my posts to at least have some security content! - I thought I would check into Brian's site and see if i could see where the problem lies. I did a ping from my PC on www.orablogs.com and got no results. I then tried tracert, to see if I could see where the problem lies, again no result. So I next thought about accessing orablogs by using instead the IP Address instead of the domain name. First I need the IP address. I like the Netcraft site as it gives some great info about sites. Kevin Mitnick mentions this site in his book The Art of Intrusion : The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers - this is where i found it from a while ago. Netcraft.com has a search box in the top left corner where you can check out a site’s hosting details. I entered orablogs.com and found out the IP address and also noted that orablogs has had its server details changed a few times this year. It is interesting to note that the nameserver, DNS admin and reverse DNS are marked as not known. I checked my own site and saw these details are present. This confirmed my suspicions. So i tried to access orablogs with http://83.170.75.145/orablogs/ and found that it works. I was able to view orablogs. Then i thought about DNS issues and used the site www.dnsreport.com and entered orablogs.com, the report shows some warnings and failures. As I said I have asked Brian what the problems are.

This is a good issue to look into; the moral of the story is that there are plenty of sites out there on the net that can divulge huge amounts about your own site or about anyone else’s. This information is effectively public. If you run a site or host an Oracle database to the Internet then beware of what can be found out about it.