The following table contains Oracle default ports for different products like Oracle Database or Oracle Application Server.
Changing the default ports can help to stop simple attacks but not real portscans. In the world of Oracle it is very often not possible to change the default port because the port is hardcoded.
At least for the Oracle database (except iasdb), it is recommended to change the TNS listener port from 1521/1526 to something else.
The IANA default port numbers can be found here: http://www.iana.org/assignments/port-numbers
| Service | Port | Product | How to change |
| --- | --- | --- | --- |
| Oracle HTTP Server listen port / Oracle HTTP Server port | 80 | Oracle Application Server | Edit httpd.conf and restart OHS |
| Oracle Internet Directory(non-SSL) | 389 | Oracle Application Server | |
| Oracle HTTP Server SSL port | 443 | Oracle Application Server | Edit httpd.conf and restart OHS |
| Oracle Internet Directory(SSL) | 636 | Oracle Application Server | |
| Oracle Net Listener / Enterprise Manager Repository port | 1521 | Oracle Application Server / Oracle Database | Edit listener.ora and restart listener |
| Oracle Net Listener | 1526 | Oracle Database | Edit listener.ora and restart listener |
| Oracle Names | 1575 | Oracle Database | Edit names.ora and restart names server |
| Oracle Connection Manager (CMAN) | 1630 | Oracle Connection Manager | Edit cman.ora and restart Connection Manager |
| Oracle JDBC for Rdb Thin Server | 1701 | Oracle Rdb | |
| Oracle Intelligent Agent | 1748 | Oracle Application Server | snmp_rw.ora |
| Oracle Intelligent Agent | 1754 | Oracle Application Server | snmp_rw.ora |
| Oracle Intelligent Agent | 1808 | Oracle Application Server | snmp_rw.ora |
| Oracle Intelligent Agent | 1809 | Oracle Application Server | snmp_rw.ora |
| Enterprise Manager Servlet port SSL | 1810 | Oracle Enterprise Manager | |
| Oracle Connection Manager Admin (CMAN) | 1830 | Oracle Connection Manager (CMAN) | Edit cman.ora and restart Connection Manager |
| Enterprise Manager Agent port | 1831 | Oracle Enterprise Manager | |
| Enterprise Manager RMI port | 1850 | Oracle Enterprise Manager | |
| Oracle XMLDB FTP Port | 2100 | Oracle Database | change dbms_xdb.cfg_update |
| Oracle GIOP IIOP | 2481 | Oracle Database | Edit listener.ora/init.ora and restart listener/database |
| Oracle GIOP IIOP for SSL | 2482 | Oracle Database | Edit listener.ora/init.ora and restart listener/database |
| Oracle OC4J RMI | 3201 | Oracle Application Server | |
| Oracle OC4J AJP | 3301 | Oracle Application Server | |
| Enterprise Manager Reporting port | 3339 | Oracle Application Server | Edit oem_webstage/oem.conf and restart OHS |
| Oracle OC4J IIOP | 3401 | Oracle Application Server | |
| Oracle OC4J IIOPS1 | 3501 | Oracle Application Server | |
| Oracle OC4J IIOPS2 | 3601 | Oracle Application Server | |
| Oracle OC4J JMS | 3701 | Oracle Application Server | |
| Oracle9iAS Web Cache Admin port | 4000 | Oracle Application Server | Webcache Admin GUI or webcache.xml |
| Oracle9iAS Web Cache Invalidation port | 4001 | Oracle Application Server | Webcache Admin GUI or webcache.xml |
| Oracle9iAS Web Cache Statistics port | 4002 | Oracle Application Server | Webcache Admin GUI or webcache.xml |
| Oracle Internet Directory(SSL) | 4031 | Oracle Application Server | |
| Oracle Internet Directory(non-SSL) | 4032 | Oracle Application Server | |
| OracleAS Certificate Authority (OCA) - Server Authentication | 4400 | Oracle Application Server | |
| OracleAS Certificate Authority (OCA) - Mutual Authentication | 4401 | Oracle Application Server | |
| Oracle HTTP Server SSL port | 4443 | Oracle Application Server | Edit httpd.conf and restart OHS |
| Oracle9iAS Web Cache HTTP Listen(SSL) port | 4444 | Oracle Application Server | Webcache Admin GUI or webcache.xml |
| Oracle TimesTen | 4662 | Oracle TimesTen | |
| Oracle TimesTen | 4758 | Oracle TimesTen | |
| Oracle TimesTen | 4759 | Oracle TimesTen | |
| Oracle TimesTen | 4761 | Oracle TimesTen | |
| Oracle TimesTen | 4764 | Oracle TimesTen | |
| Oracle TimesTen | 4766 | Oracle TimesTen | |
| Oracle TimesTen | 4767 | Oracle TimesTen | |
| Oracle Enterprise Manager Web Console | 5500 | Oracle Enterprise Manager Web | |
| iSQLPlus 10g | 5560 | Oracle i*SQLPlus | |
| iSQLPlus 10g | 5580 | Oracle i*SQLPlus RMI Port | |
| Oracle Notification Service request port | 6003 | Oracle Application Server | |
| Oracle Notification Service local port | 6100 | Oracle Application Server | |
| Oracle Notification Service remote port | 6200 | Oracle Application Server | |
| Oracle9iAS Clickstream Collector Agent | 6668 | Oracle Application Server | |
| Java Object Cache port | 7000 | Oracle Application Server | |
| DCM Java Object Cache port | 7100 | Oracle Application Server | |
| Oracle HTTP Server Diagnostic Port | 7200 | Oracle Application Server | |
| Oracle HTTP Server Port Tunneling | 7501 | Oracle Application Server | |
| Oracle HTTP Server listen port / Oracle HTTP Server port | 7777 | Oracle Application Server | Edit httpd.conf and restart OHS |
| Oracle9iAS Web Cache HTTP Listen(non-SSL) port | 7779 | Oracle Application Server | Webcache Admin GUI or webcache.xml |
| Oracle HTTP Server Jserv port | 8007 | Oracle Application Server | |
| Oracle XMLDB HTTP port | 8080 | Oracle Database | change dbms_xdb.cfg_update |
| OC4J Forms / Reports Instance | 8888 | Oracle Developer Suite | |
| OC4J Forms / Reports Instance | 8889 | Oracle Developer Suite | |
| Oracle Forms Server 6 / 6i | 9000 | Oracle Application Server | |
| Oracle SOAP Server | 9998 | Oracle Application Server | |
| OS Agent | 14000 | Oracle Application Server | |
| Oracle Times Ten | 15000 | Oracle Times Ten | |
| Oracle Times Ten | 15002 | Oracle Times Ten | |
| Oracle Times Ten | 15004 | Oracle Times Ten | |
| Log Loader | 44000 | Oracle Enterprise Manager | |
------------
Oracle Enterprise Manager (OEM) Cloud Control.
| Port Name | Normal Ranges | Exadata Default Value |
| --- | --- | --- |
| EM Upload HTTP Port | 4889-4898 | 4889 |
| EM Upload HTTPS Port | 1559,4899-4908 | 1159 |
| Node Mgr HTTPS Port | 7401-7500 | Check |
| Managed Server HTTP Port | 7201-7300 | Check |
| EM Console HTTP Port | 7788-7798 | 7788 |
| EM Console HTTPS Port | 7799-7809 | 7799 |
| Management Agent Port | 3872,1830-1849 | Check |
| Admin Server HTTP Port | 7001 | Check |
| Admin Server HTTPS Port | 7101-7200 | Check |
| Managed Server HTTPS Port | 7301-7400 | Check |
Check means check the port number configured in the installation.
A few ports do not necessarily have to be opened through the firewall between Exadata and the OEM OMS.

```
EM Repository DB Port 1521
```
There are also some additional OEM-related ports that are optional and only needed when the corresponding components are used.

| Port Name | Port Number |
| --- | --- |
| JVM Diagnostics Managed Server | 3800 |
| JVM Diagnostics Managed Server (SSL) | 3801 |
| ADP RMI Registry Port | 51099 |
| ADP Java Provider Port | 55003 |
| ADP Remote Service Controller Port | 55000 |
| ADP Listen | 4210 |
| ADP Listen Port (SSL) | 4211 |
| BI Publisher HTTP | 9701 |
| BI Publisher HTTPS | 9702 |
| Secure web connection to oracle.com | 443 |
Note: Port 443 is HTTPS to updates.oracle.com, support.oracle.com, ccr.oracle.com, login.oracle.com, aru-akam.oracle.com
It is outgoing from OMS and used for communication with Oracle for OCM, MOS, Patching, Self-Updates, ASR.
To verify the details of the ports used by the OMS, you can run the following:

```
[oracle@gc12c bin]$ emctl status oms -details
Oracle Enterprise Manager Cloud Control 12c Release 2
Copyright (c) 1996, 2012 Oracle Corporation. All rights reserved.
Enter Enterprise Manager Root (SYSMAN) Password :
Console Server Host : gc12c.enkitec.com
HTTP Console Port : 7789
HTTPS Console Port : 7801
HTTP Upload Port : 4890
HTTPS Upload Port : 4901
EM Instance Home : /u01/app/oracle/oms12c/gc_inst/em/EMGC_OMS1
OMS Log Directory Location : /u01/app/oracle/oms12c/gc_inst/em/EMGC_OMS1/sysman/log
OMS is not configured with SLB or virtual hostname
Agent Upload is locked.
OMS Console is locked.
Active CA ID: 1
Console URL: https://gc12c.enkitec.com:7801/em
Upload URL: https://gc12c.enkitec.com:4901/empbs/upload
WLS Domain Information
Domain Name : GCDomain
Admin Server Host: gc12c.enkitec.com
Managed Server Information
Managed Server Instance Name: EMGC_OMS1
Managed Server Instance Host: gc12c.enkitec.com
WebTier is Up
Oracle Management Server is Up
```
I could not find a command to show which port number is used for components such as Node Manager or the Managed Server, but I did find a way to show this kind of information from a temp file created during the initial installation. The file is MIDDLEWARE_HOME/.gcinstall_temp/staticports.ini on the OMS host.
```
[oracle@gc12c oracle]$ cat /u01/app/oracle/oms12c/.gcinstall_temp/staticports.ini
Enterprise Manager Upload Http Port=4890
Enterprise Manager Upload Http SSL Port=4901
Enterprise Manager Central Console Http SSL Port=7801
Node Manager Http SSL Port=7405
Managed Server Http Port=7203
Enterprise Manager Central Console Http Port=7789
Oracle Management Agent Port=3872
Admin Server Http SSL Port=7102
Managed Server Http SSL Port=7302
```
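The check below is an added example, not part of the original post: it parses the staticports.ini contents shown above and compares each port with the "Normal Ranges" column of the Cloud Control table, listing entries that are out of range, unrecognised, or plain HTTP (useful when reviewing firewall rules). The mapping from the file's key names to the table's rows is an assumption.

```python
# Added example. Ranges are from the Cloud Control table on this page; mapping
# staticports.ini key names to its rows is an assumption. SAMPLE is the file shown above.
NORMAL_RANGES = {
    "Enterprise Manager Upload Http Port": [(4889, 4898)],
    "Enterprise Manager Upload Http SSL Port":  # the table shows both 1559 and 1159
        [(1159, 1159), (1559, 1559), (4899, 4908)],
    "Node Manager Http SSL Port": [(7401, 7500)],
    "Managed Server Http Port": [(7201, 7300)],
    "Enterprise Manager Central Console Http Port": [(7788, 7798)],
    "Enterprise Manager Central Console Http SSL Port": [(7799, 7809)],
    "Oracle Management Agent Port": [(3872, 3872), (1830, 1849)],
    "Admin Server Http SSL Port": [(7101, 7200)],
    "Managed Server Http SSL Port": [(7301, 7400)],
}
SAMPLE = """Enterprise Manager Upload Http Port=4890
Enterprise Manager Upload Http SSL Port=4901
Enterprise Manager Central Console Http SSL Port=7801
Node Manager Http SSL Port=7405
Managed Server Http Port=7203
Enterprise Manager Central Console Http Port=7789
Oracle Management Agent Port=3872
Admin Server Http SSL Port=7102
Managed Server Http SSL Port=7302
"""

def parse_staticports(text):
    """Return {name: port} from 'Name=port' lines, skipping blanks and comments."""
    ports = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        name, _, value = line.rpartition("=")
        ports[name.strip()] = int(value)  # raises ValueError on a non-numeric port
    return ports

def audit(ports):
    """Return (out_of_range, unknown, plaintext) lists of (name, port)."""
    out_of_range, unknown, plaintext = [], [], []
    for name, port in sorted(ports.items()):
        ranges = NORMAL_RANGES.get(name)
        if ranges is None:
            unknown.append((name, port))
        elif not any(lo <= port <= hi for lo, hi in ranges):
            out_of_range.append((name, port))
        if "Http" in name and "SSL" not in name:  # unencrypted listener
            plaintext.append((name, port))
    return out_of_range, unknown, plaintext

if __name__ == "__main__":
    print(audit(parse_staticports(SAMPLE)))
```

On the OMS host, pass the contents of MIDDLEWARE_HOME/.gcinstall_temp/staticports.ini to `parse_staticports` instead of `SAMPLE`.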