views:

942

answers:

6

To help users, I would like my code to discover Oracle databases on the LAN. I thought to do this by first detecting all hosts, then checking each host to see if it is listening on Oracle's default port.

Any ideas how to go about this? Preferably in Java, but any language or algorithm would do.

A: 

In case you are looking for a tool Loo@Lan can do this for you. Unfortunatly there's no source available...

DR
+1  A: 

If you want to stay platform-independant, and unless you have access to some kind of database that lists the hosts, the only way to get a list is to try each IP address in the local network - might as well try to connect to the Oracle port on each of them.

There are lots of problems with this approach:

  • Will only search through the local network, which may only be a small part of the LAN (in case of large companies with lots of subnets)
  • Can take a long time (you definitely want to reduce the timeout for the connection attempts, but if someone has configured his LAN as a class A network, it will still take forever)
  • Can trigger all kinds of alerts, such as desktop users' personal firewalls, and intrusion detection systems - because you're doing exactly the same thing someone trying to exploit a security hole in Oracle servers would do
Michael Borgwardt
A: 

As brazzy points out, scanning for hosts is likely to cause problems, especially if there is a bug in your scanner.

A better approach may be to get the owners of the databases to register them somewhere, for example in a local DNS service (or does Oracle have zeroconf support?), or simply on some intranet webpage or wiki.

frankodwyer
+1  A: 

Are you using DHCP? If so, your DHCP server has a list of the leases it has passed out. That should do you for a list of hosts on the LAN. Then try opening a connection to the Oracle port on each of those hosts and see if it accepts the connection.

It should be pretty simple to implement as a shell script with half a dozen lines or so. Java seems like overkill for something like this. Loop through the leases file, grab the IP from each lease, and telnet to the Oracle port; if it connects, disconnect and print the IP to standard out.

Adam Jaskiewicz
A: 

All of these smart answers are the reasons why many companies do not use the default port. Using a different port for each database is entirely possible, you know.

David Aldridge
A: 

You better register the SID names/addresses to some server with a fixed address(maybe with a simple web service), and then query the list from there. Another approach is the bruteforce one (explained by @brazzy) by scanning one or more subnets, but this isn't really a good thing to do.

Camilo Díaz