
How to stop / shut down the FTP and HTTP ports (2100 and 8080) on 9iR2

This short article shows how you can disable the two new ports that are enabled by default in a 9iR2 release of the Oracle database. This was an answer that I posted to a newsgroup / mailing list. Here it is:

A default Oracle 9iR2 install comes with two additional ports (8080 and 2100) from the new OSE integrated stack in the database. These are a security risk if you do not actually need and control them, because anyone with a browser can attempt to break into your database. You can see them with the "lsnrctl status" command or via Enterprise Manager.

	C:\>lsnrctl status
	
	LSNRCTL for 32-bit Windows: Version 9.2.0.1.0 - Production on 18-FEB-2004 19:30:24

	Copyright (c) 1991, 2002, Oracle Corporation.  All rights reserved.

	Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC0)))
	STATUS of the LISTENER
	------------------------
	Alias                     LISTENER
	Version                   TNSLSNR for 32-bit Windows: Version 9.2.0.1.0 - Produc
	tion
	Start Date                17-FEB-2004 08:48:08
	Uptime                    1 days 10 hr. 42 min. 16 sec
	Trace Level               off
	Security                  OFF
	SNMP                      OFF
	Listener Parameter File   C:\oracle\ora90\network\admin\listener.ora
	Listener Log File         C:\oracle\ora90\network\log\listener.log
	Listening Endpoints Summary...
  	(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(PIPENAME=\\.\pipe\EXTPROC0ipc)))
  	(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=zulia)(PORT=1521)))
  	(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=zulia)(PORT=8080))(Presentation=HTTP
  	  )(Session=RAW))
  	(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=zulia)(PORT=2100))(Presentation=FTP)
	  (Session=RAW))
	Services Summary...
	Service "PLSExtProc" has 1 instance(s).
  	  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
	Service "sans" has 2 instance(s).
	  Instance "sans", status UNKNOWN, has 1 handler(s) for this service...
	  Instance "sans", status READY, has 1 handler(s) for this service...
	Service "sansXDB" has 1 instance(s).
	  Instance "sans", status READY, has 1 handler(s) for this service...
	The command completed successfully

	C:\>
						

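The best way to get rid of them is to alter the init.ora file and remove the line that reads as follows (the service name will be your own XDB service, for example sansXDB in the listener output above):

	dispatchers="(PROTOCOL=TCP) (SERVICE=orat92XDB)"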
						

If you use an spfile, copy it to an init.ora first, stop and then start the database with the init.ora, and copy it back to an spfile, e.g.:

	CREATE PFILE='/path/initSID.ora' FROM SPFILE='/path/spfileSID.ora';

Change initSID.ora, then delete the old spfile.

	CREATE SPFILE='/path/spfileSID.ora' FROM PFILE='/path/initSID.ora';

As always, I should point out the security risks of having default installations that enable common ports such as FTP and HTTP. Both of these ports can be brute-forced remotely, and there is no logging or auditing to catch the culprit. Unless you protect the use of these ports in your Oracle database or absolutely need them, you should disable them.
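To confirm the change took effect, the saved "lsnrctl status" output can be checked before and after the restart. The following is an added example, not part of the original answer: it rejoins the wrapped endpoint lines and reports every endpoint that carries a Presentation attribute (HTTP and FTP in the output above). The function names and the embedded sample, trimmed from that output, are this example's own.

```python
import re
import sys

# Constructed sample: the endpoint section of the listener output above,
# keeping the terminal line wraps inside the HTTP and FTP entries.
SAMPLE = r"""Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(PIPENAME=\\.\pipe\EXTPROC0ipc)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=zulia)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=zulia)(PORT=8080))(Presentation=HTTP
    )(Session=RAW))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=zulia)(PORT=2100))(Presentation=FTP)
  (Session=RAW))
Services Summary...
"""

def parse_description(desc):
    """Pull the leaf KEY=value pairs out of one (DESCRIPTION=...) entry."""
    attrs = {k.upper(): v for k, v in re.findall(r"\((\w+)=([^()]+)\)", desc)}
    port = attrs.get("PORT")
    return {"protocol": attrs.get("PROTOCOL"),
            "port": int(port) if port and port.isdigit() else None,
            "presentation": attrs.get("PRESENTATION")}

def listener_endpoints(status_text):
    """Return one dict per entry under 'Listening Endpoints Summary'."""
    m = re.search(r"Listening Endpoints Summary\.*(.*?)(?:Services Summary|\Z)",
                  status_text, re.S)
    # Strip and concatenate lines so entries the terminal wrapped are rejoined.
    blob = "".join(l.strip() for l in (m.group(1) if m else "").splitlines())
    endpoints, depth, start = [], 0, 0
    for i, ch in enumerate(blob):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")" and depth > 0:
            depth -= 1
            if depth == 0:  # a top-level group just closed
                endpoints.append(parse_description(blob[start:i + 1]))
    return endpoints

def non_tns_endpoints(status_text):
    """Endpoints that carry a Presentation attribute (HTTP and FTP above)."""
    return [e for e in listener_endpoints(status_text) if e["presentation"]]

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for e in non_tns_endpoints(text):
        print(f"{e['presentation']} endpoint still listening on port {e['port']}")
```

Run it with the path of a file holding the captured output; with no argument it uses the embedded sample. An empty result after the restart means only the plain listener endpoints remain.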


