I saw a new paper on Alex's site the other day titled "Change XMLDB Ports" that explains how to change the default port numbers for HTTP and FTP in XMLDB. The paper is short and sweet and includes example PL/SQL code to change the port numbers. I have a simple paper on my site that shows a different way to disable the ports completely. This paper is called "How to Stop / shutdown the ftp and http ports (2100 and 8080) on 91R2
". Alex's paper does not allude to the fact that his code can also be used to disable the ports completely as well. This can be done by setting the port numbers to 0 (zero) in each PL/SQL call. The ports are enabled by default and should be disabled if the functionality is not needed. There are exploit codes published to attack these ports. There is also a Roby Sherman paper on the same subject. There is a link to it on my Oracle security white papers page
- search on Roby with CRTL-F in the page.