Hi Ethan,

I have not heard that Oracle will include a lock out on the listener but
I did hear that they will change the listener to allow the text strings
to be changed dynamically so that listeners can be made "silent" in
terms of the banner info they give out.

It would be nice if Oracle did put a lock out on the listener though to
prevent brute force attacks and password management features - Are you
listening Mary Ann??

The listener can be easily brute forced as there is, as you know, no lock
out and no facilities to enforce strong passwords. Brute forcing is easy:
just send a lot of "set password" commands to the listener from a
script. Failed attempts will be sent to the log file as error TNS-01169
if logging is set with "set log_status on".

hth

kind regards

Pete
-- 
Pete Finnigan
email:[EMAIL PROTECTED]
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.

-- 
Author: Pete Finnigan
  INET: [EMAIL PROTECTED]
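
A log-side check for the TNS-01169 entries mentioned in the message, as an added example that is not part of the original post or any Oracle tooling. The sample lines are constructed, and the entry layout (a timestamp-led line, with the error text on that line or the one after it) is an assumption to adjust to the listener log being monitored; the function names and thresholds are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Assumed layout: entries start "DD-MON-YYYY HH:MM:SS * ..." (English month names).
TS_RE = re.compile(r"^(\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}) \* ")
ENTRY = "12-JAN-2004 {} * (CONNECT_DATA=(COMMAND=status)(SERVICE=LISTENER)) * status * {}"
ERROR = "TNS-01169: The listener has not recognized the password"

# Constructed sample: one stray failure, one success, then six failures in 10 seconds.
SAMPLE_LOG = [ENTRY.format("09:00:00", 1169), ERROR, ENTRY.format("09:30:00", 0)]
for sec in range(0, 12, 2):
    SAMPLE_LOG += [ENTRY.format("10:20:%02d" % sec, 1169), ERROR]


def failed_password_times(lines):
    """Yield the timestamp of the enclosing entry for every TNS-01169 line."""
    current = None
    for line in lines:
        m = TS_RE.match(line)
        if m:
            current = datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S")
        if "TNS-01169" in line and current is not None:
            yield current


def find_bursts(times, threshold=5, window=timedelta(seconds=60)):
    """Return (first, last, count) for each run with >= threshold failures per window."""
    times = sorted(times)
    bursts, start = [], 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1  # slide the window forward
        if end - start + 1 >= threshold:
            if bursts and bursts[-1][1] >= times[start]:
                first, _, count = bursts[-1]
                bursts[-1] = (first, t, count + 1)  # same burst, one more failure
            else:
                bursts.append((times[start], t, end - start + 1))
    return bursts


if __name__ == "__main__":
    for first, last, count in find_bursts(failed_password_times(SAMPLE_LOG)):
        print(f"{count} failed listener password attempts between {first} and {last}")
```

The single failure at 09:00 stays below the threshold, which is the behaviour wanted for an administrator mistyping a password once.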
