Home » RDBMS Server » Security » oracle listener (oracle 11g)
oracle listener [message #641043] Mon, 10 August 2015 02:43 Go to next message
maereg
Messages: 1
Registered: August 2015
Location: addis ababa Ethiopia
Junior Member
Dear all

why we need to change oracle default listener name and port?? what is the risk if it not changed?
thank you for your support!


[EDITED by LF: fixed topic title typo; was "listiner"]

[Updated on: Mon, 10 August 2015 06:59] by Moderator

Report message to a moderator

Re: oracle listiner [message #641045 is a reply to message #641043] Mon, 10 August 2015 03:31 Go to previous messageGo to next message
Lalit Kumar B
Messages: 3174
Registered: May 2013
Location: World Wide on the Web
Senior Member
Hi,

Welcome to the forum!

Please read and follow the OraFAQ Forum Guide and How to use [code] tags.

Can you please explain what exactly you are trying to do?
Re: oracle listiner [message #641047 is a reply to message #641043] Mon, 10 August 2015 03:39 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator

Quote:
why we need to change oracle default listener name and port??


Defaults are known and so first attack.
Non defaults are a slightly harder to find.

Re: oracle listiner [message #641062 is a reply to message #641043] Mon, 10 August 2015 06:36 Go to previous messageGo to next message
EdStevens
Messages: 1376
Registered: September 2013
Senior Member
maereg wrote on Mon, 10 August 2015 02:43
Dear all

why we need to change oracle default listener name and port?? what is the risk if it not changed?
thank you for your support!


Who says you need to change them?
Yes, the name and port are well known. As is the port for a host of other services, like ftp, sftp, ssh, smtp, etc, etc.
See http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
See https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

If you or someone in your organization thinks this is a security issue, or that security is increased by moving a well-known service to a non-standard port, you/they are woefully misinformed. Ask yourself/them if they are prepared to move their smtp services or thier dns services to a non-standard port.
Re: oracle listiner [message #641077 is a reply to message #641062] Mon, 10 August 2015 08:17 Go to previous messageGo to next message
BlackSwan
Messages: 26766
Registered: January 2009
Location: SoCal
Senior Member
>Non defaults are a slightly harder to find.
Security by obscurity is neither.

GOOGLE "pmap"
Re: oracle listiner [message #641080 is a reply to message #641077] Mon, 10 August 2015 08:34 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator

Yes, I know, this is the reason of the "slighty" but it is easier to detect a scan on the ports to find the listener one than to trap a possibly (in)valid try on port 1521.

Re: oracle listener [message #641120 is a reply to message #641043] Mon, 10 August 2015 15:05 Go to previous message
EdStevens
Messages: 1376
Registered: September 2013
Senior Member
Instead of giving yourself a false sense of security by changing the port the listener uses, why not address the real methods of securing an Oracle database?

See http://www.amazon.com/Effective-Oracle-Database-Security-Design/dp/0072231300/ref=sr_1_13?ie=UTF8&qid=1439236639&sr=8-13& keywords=oracle+security

It's a bit dated, being written when 10g was current, but the principles, and most of the specifics, are still very relevant.
Previous Topic: Oracle User - Authentcation via an LDAP Server
Next Topic: Modify other schema's Package
Goto Forum:
  


Current Time: Thu Mar 28 14:41:36 CDT 2024