2.2.12 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to '(DROP,3)'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The SEC_PROTOCOL_ERROR_FURTHER_ACTION setting determines the Oracle server's response to bad/malformed packets received from the client. This setting should have a value of (DROP,3), which will cause a connection to be dropped after three bad/malformed packets.

Rationale:

Bad packets received from the client can potentially indicate packet-based attacks on the system, such as 'TCP SYN Flood' or 'Smurf' attacks, which could result in a denial-of-service condition, this value should be set according to the needs of the organization.

Solution

To remediate this setting, execute the following SQL statement.

ALTER SYSTEM SET SEC_PROTOCOL_ERROR_FURTHER_ACTION = '(DROP,3)' SCOPE = SPFILE;

See Also

https://workbench.cisecurity.org/files/2868