Back
How to Stop / shutdown the ftp and http ports (2100 and 8080) on 91R2
This short article shows how you can disable the two new ports that are enabled by default in a 9iR2 release of
the Oracle database. This was an answer that I posted to a newsgroup / mailing list. Here it is:
Oracle 9ir2 default install comes with two additional ports (8080 and
2100) from the new OSE integrated stack in the database. These are a
security risk if you do not actually need them and control them as
anyone with a browser can attempt to break into your database. You can
see them with "lsnrctl status" command or via enterprise manager.
The best way to get rid of them is to alter the init.ora file and remove
the line that reads
If you use spfile then copy to init.ora first, stop and then start the database with
init.ora and copy back to spfile. eg:
Create pfile='/path/initSID.ora' from
Spfile='/path/spfileSID.ora';
Change initSID.ora
Delete old spfile
Create spfile='/path/spfileSID.ora' from
Pfile='/path/initSID.ora';
As always I should point out the security risks of having default installations that enable common ports such as ftp and http. Both
of these ports can be brute forced remotely and there is no logging or auditing to catch the culprit. Unless you protect the use of these ports
in your Oracle database or absolutely need them then you should disable them.
C:\>lsnrctl status
LSNRCTL for 32-bit Windows: Version 9.2.0.1.0 - Production on 18-FEB-2004 19:30:24
Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC0)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for 32-bit Windows: Version 9.2.0.1.0 - Produc
tion
Start Date 17-FEB-2004 08:48:08
Uptime 1 days 10 hr. 42 min. 16 sec
Trace Level off
Security OFF
SNMP OFF
Listener Parameter File C:\oracle\ora90\network\admin\listener.ora
Listener Log File C:\oracle\ora90\network\log\listener.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(PIPENAME=\\.\pipe\EXTPROC0ipc)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=zulia)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=zulia)(PORT=8080))(Presentation=HTTP
)(Session=RAW))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=zulia)(PORT=2100))(Presentation=FTP)
(Session=RAW))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
Service "sans" has 2 instance(s).
Instance "sans", status UNKNOWN, has 1 handler(s) for this service...
Instance "sans", status READY, has 1 handler(s) for this service...
Service "sansXDB" has 1 instance(s).
Instance "sans", status READY, has 1 handler(s) for this service...
The command completed successfully
C:\>
dispatcher=(PROTOCOL=TCP) (SERVICE=orat92XDB)
Back