On Fri, Jan 17, 2014 at 12:59 AM, Nuno Souto <dbvision@xxxxxxxxxxxx> wrote: > 1521 is the default Oracle listener port since the deluge. Using that > port is > an open avenue for any hacker worth his/her salt to run a sniffer in a > Linux node to get all Oracle pwds. > First thing I do in any site I run is change the port to something else - > which is NOT disclosed other than through tnsnames. > Uh-huh, not with this mob. 1521 is "the recommended port" and that is > what must be used. > REALLY? > I'm not saying this isn't a valid opinion, and I've certainly seen it expressed numerous times, but it only takes about 3 seconds for nmap (or similar utilities) to identify the changed port. This might provide a small amount of protection, against the fire-and-forget script kiddies, but is unlikely to deter a motivated attacker in the slightest. Enabling network encryption, on the other hand, can provide quite a bit of protection against network sniffing.