How to Stop / shutdown the ftp and http ports (2100 and 8080) on 91R2
This short article shows how you can disable the two new ports that are enabled by default in a 9iR2 release of the Oracle database. This was an answer that I posted to a newsgroup / mailing list. Here it is:
Oracle 9ir2 default install comes with two additional ports (8080 and 2100) from the new OSE integrated stack in the database. These are a security risk if you do not actually need them and control them as anyone with a browser can attempt to break into your database. You cansee them with "lsnrctl status" command or via enterprise manager.
C:\>lsnrctl status LSNRCTL for 32-bit Windows: Version 220.127.116.11.0 - Production on 18-FEB-2004 19:30:24 Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved. Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC0))) STATUS of the LISTENER ------------------------ Alias LISTENER Version TNSLSNR for 32-bit Windows: Version 18.104.22.168.0 - Produc tion Start Date 17-FEB-2004 08:48:08 Uptime 1 days 10 hr. 42 min. 16 sec Trace Level off Security OFF SNMP OFF Listener Parameter File C:\oracle\ora90\network\admin\listener.ora Listener Log File C:\oracle\ora90\network\log\listener.log Listening Endpoints Summary... (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(PIPENAME=\\.\pipe\EXTPROC0ipc))) (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=zulia)(PORT=1521))) (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=zulia)(PORT=8080))(Presentation=HTTP )(Session=RAW)) (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=zulia)(PORT=2100))(Presentation=FTP) (Session=RAW)) Services Summary... Service "PLSExtProc" has 1 instance(s). Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service... Service "sans" has 2 instance(s). Instance "sans", status UNKNOWN, has 1 handler(s) for this service... Instance "sans", status READY, has 1 handler(s) for this service... Service "sansXDB" has 1 instance(s). Instance "sans", status READY, has 1 handler(s) for this service... The command completed successfully C:\>
The best way to get rid of them is to alter the init.ora file and remove the line that reads
If you use spfile then copy to init.ora first, stop and then start the database with init.ora and copy back to spfile. eg:
Create pfile='/path/initSID.ora' from Spfile='/path/spfileSID.ora';
Change initSID.ora Delete old spfile
Create spfile='/path/spfileSID.ora' from Pfile='/path/initSID.ora';
As always I should point out the security risks of having default installations that enable common ports such as ftp and http. Both of these ports can be brute forced remotely and there is no logging or auditing to catch the culprit. Unless you protect the use of these ports in your Oracle database or absolutely need them then you should disable them.