Empire strikes back, network security edition

Our network edge security provider never sleeps. Another day, another missive:

Dear XXX,

Kindly be informed that we are getting suspicious traffic from the below IPs to 8.8.8.8 and 8.8.4.4

The source IPs are : <bunch of internal IP addresses>

To our gentle inquiry about what kind of traffic they’re getting and what makes said traffic suspicious, we got the following response:

Dear XXX,

First we need to know from the customer  if there is a legal traffic between the mentioned sources and destinations.

If it’s legal what kind of communication is this. And the rate of requests per second.

Based on those information we can provide you with more details.

Probably should write them back that these VMs are infected by the botnet called DNS.


Daily WTF: Scrum you must

So, our devs are doing Scrum. But, of course, there are numerous ways to improve process and delivery in the company. After brainstorming, analysing, discussions and hard work, a grand plan is compiled. Can you guess what the actionable items are? Et voilà!

  • Involve Product Owner in planning.
  • Set development time estimation process.

Yes, scrum you must! Come to think of it, there was a project a couple of years ago where the product owner habitually walked around and complained loudly that he had no control over the product backlog and what exactly was going to be implemented. At that time I took that as a rather funny aberration. Alas, no…


Gregor Samsa bites again

Probably you have heard about a guy called Gregor Samsa, who turned into a cockroach in Franz Kafka’s Metamorphosis. It seems that Gregor is doing pretty well these days, kicking around in Java-related software. At first I thought the BEA Oracle JRockit developers had found their own inner Gregor Samsa:

[INFO ][memory ] Allocation of 314136 bytes failed for heap ""
[INFO ][memory ] TLA bailout requested (heap=0x9bf1f1f0)!
[INFO ][memory ] TLA unwind thread links.
[INFO ][memory ] Throwing OutOfMemory: CG(q0) [GregorSamsa.()V] JVM@cgFail (src/jvm/code/codemanager.c:693). Java heapsize=2147483648, paged memory=2088136704
07:10:23|xxxmanagedserver+1.2.3.4|ERROR|exceptions.WebErrorHandler|Fatal error occured.|
java.lang.NoClassDefFoundError: GregorSamsa
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
        at java.lang.Class.newInstance0(Class.java:350)
        at java.lang.Class.newInstance(Class.java:303)
        at com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl.getTransletInstance(TemplatesImpl.java:338)
        at com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl.newTransformer(TemplatesImpl.java:367)

But no, this is the same old Apache Xalan joke.


Enabling session trace in Oracle

Yesterday some poor soul hit the blog with a search, “how do i enable runtime trace in oracle”. So, for an answer, here is just a quick note on the subject.

My all time favourite is enabling trace via logon trigger:

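CREATE OR REPLACE TRIGGER start_trace AFTER LOGON ON DATABASE
BEGIN
  -- Tag the trace file name with the session's current schema (value quoted as a string literal)
  execute immediate 'alter session set tracefile_identifier=''' || sys_context('USERENV', 'CURRENT_SCHEMA') || '''';
  -- Event 10046 at level 12: SQL trace including wait events and bind values
  execute immediate 'alter session set events ''10046 trace name context forever, level 12''';
END;
/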

Note that we’re altering the default trace file name in the logon trigger as well. So in Oracle 11g and with schema name PRIITP, the trace file name will be something like test11g_j000_6892_PRIITP.trc.

Other possibilities vary with the Oracle version. In older versions one can use the DBMS_SYSTEM.SET_EV procedure with the following parameters:

  1. sid – Session Identifier
  2. serial# – Session serial number
  3. event – number of the event
  4. level – event’s level
  5. nm – empty string

Short example as well:

SQL> select sid,serial# from v$session where username='PRIITP';

       SID    SERIAL#
---------- ----------
       129        574

SQL> exec dbms_system.set_ev(129, 574, 10046, 12, '');

PL/SQL procedure successfully completed.

DBMS_SYSTEM is an undocumented package, so use it at your own risk.

In newer versions (10g and better) you can use the DBMS_MONITOR package, which is fortunately documented.
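
An added example (not from the original post) of the DBMS_MONITOR route: it enables the equivalent of event 10046 level 12 for every session of the PRIITP user from the example above, checks the result in V$SESSION, and switches tracing off again. It assumes 10g or later and a caller with EXECUTE on DBMS_MONITOR and SELECT on V$SESSION.

```sql
-- Added example, not from the original post.
-- waits => TRUE plus binds => TRUE corresponds to 10046 level 12.
-- PRIITP is the schema name used in the post's own examples.
SET SERVEROUTPUT ON

BEGIN
  FOR s IN (SELECT sid, serial#
              FROM v$session
             WHERE username = 'PRIITP'
               AND type = 'USER')
  LOOP
    DBMS_MONITOR.SESSION_TRACE_ENABLE(
      session_id => s.sid,
      serial_num => s.serial#,
      waits      => TRUE,
      binds      => TRUE);
    DBMS_OUTPUT.PUT_LINE('trace on: sid=' || s.sid || ' serial#=' || s.serial#);
  END LOOP;
END;
/

-- Which sessions are being traced, and with which options
SELECT sid, serial#, sql_trace, sql_trace_waits, sql_trace_binds
  FROM v$session
 WHERE username = 'PRIITP';

-- Switch tracing off again for the sessions enabled above
BEGIN
  FOR s IN (SELECT sid, serial#
              FROM v$session
             WHERE username = 'PRIITP'
               AND sql_trace = 'ENABLED')
  LOOP
    DBMS_MONITOR.SESSION_TRACE_DISABLE(
      session_id => s.sid,
      serial_num => s.serial#);
  END LOOP;
END;
/
```

With binds => TRUE the trace file records bind variable values, so treat the resulting .trc files as sensitive data.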


Where Goes the Direct IO

A small query which displays some details about direct IO. Basically it adds tablespace and file information to the V$SORT_USAGE view. Since it references the X$KTSSO table, it must be executed as SYS. Rewriting this query to use only V$ views is left as an exercise for the reader 🙂

select a.event, a.sid, c.sql_hash_value,
  decode(d.ktssocnt, 0, 'PERMANENT', 1, 'TEMPORARY' ) contents,
  decode (d.ktssosegt, 1, 'SORT', 2, 'HASH', 3, 'DATA', 4, 'INDEX',
  5, 'LOB_DATA', 6, 'LOB_INDEX', null) as segment_type,
  b.tablespace_name, b.file_name, d.ktssofno as segfile#,
  d.ktssobno as segblk#, d.ktssoexts as extents, d.ktssoblks as blocks,
  d.ktssorfno as segrfno#
from v$session_wait a, dba_data_files b, v$session c, x$ktsso d
where c.saddr = d.ktssoses(+) and c.serial# = d.ktssosno(+)
and d.inst_id(+) = userenv('instance') and a.sid = c.sid
and a.p1 = b.file_id and a.event like 'direct path%'
union all
select a.event, a.sid, c.sql_hash_value,
  decode(d.ktssocnt, 0, 'PERMANENT', 1, 'TEMPORARY', null ) contents,
  decode (d.ktssosegt, 1, 'SORT', 2, 'HASH', 3, 'DATA', 4, 'INDEX',
  5, 'LOB_DATA', 6, 'LOB_INDEX', null) as segment_type,
  b.tablespace_name, b.file_name, d.ktssofno as segfile#,
  d.ktssobno as segblk#, d.ktssoexts as extents, d.ktssoblks as blocks,
  d.ktssorfno as segrfno#
from v$session_wait a, dba_temp_files b, v$session c, x$ktsso d, v$parameter f
where c.saddr = d.ktssoses(+) and c.serial# = d.ktssosno(+)
and d.inst_id(+) = userenv('instance') and a.sid = c.sid
and b.file_id = a.p1 - f.value and a.event like 'direct path%'
and f.name = 'db_files'
order by 1,2;

A Quest for the V$TEMPSEG_USAGE

Somewhere in the Oracle 9.2 timeframe the V$SORT_USAGE fixed view became undocumented, and V$TEMPSEG_USAGE was born in its place. Ever wondered how V$TEMPSEG_USAGE is defined? This output is from 11g:

SQL> select * from v$fixed_view_definition where view_name='V$TEMPSEG_USAGE';

no rows selected

SQL> select owner, object_type from dba_objects where object_name='V$TEMPSEG_USAGE';

OWNER                          OBJECT_TYPE
------------------------------ -------------------
PUBLIC                         SYNONYM

SQL> select * from dba_synonyms where synonym_name='V$TEMPSEG_USAGE';

OWNER                          SYNONYM_NAME
------------------------------ ------------------------------
TABLE_OWNER                    TABLE_NAME
------------------------------ ------------------------------
DB_LINK
--------------------------------------------------------------------------------

PUBLIC                         V$TEMPSEG_USAGE
SYS                            V_$SORT_USAGE

SQL> select owner, object_type from dba_objects where object_name='V_$SORT_USAGE';

OWNER                          OBJECT_TYPE
------------------------------ -------------------
SYS                            VIEW

SQL> set long 20000
SQL> select text from dba_views where view_name='V_$SORT_USAGE';

TEXT
--------------------------------------------------------------------------------

select "USERNAME","USER","SESSION_ADDR","SESSION_NUM","SQLADDR","SQLHASH","SQL_ID","TABLESPACE","CONTENTS","SEGTYPE","SEGFILE#","SEGBLK#","EXTENTS","BLOCKS","SEGRFNO#" from v$sort_usage

Sure, V$TEMPSEG_USAGE is a much better name for that view than V$SORT_USAGE, since it lists all temporary segments being used, not only sort segments. Introducing a new fixed view via this kludge is really amusing.
