Port 66: Oracle SQL*NET — The Database Door That Required Too Much Permission

The Port Oracle Owned but Never Used

Port 66 was assigned by IANA to Oracle for SQL*NET, the networking protocol that allowed Oracle database clients to communicate with database servers across a network.¹ This was Oracle's official, IANA-sanctioned door into the well-known port range.

They walked away from it.

The reason is practical and a little ironic. Ports 0 through 1023 are "well-known" ports, and on Unix-like operating systems, binding to any port in this range requires superuser (root) privileges.² For a database listener that needs to run constantly on production servers, requiring root access just to open a network socket was an unnecessary security risk and an operational headache. Database administrators don't want to run their Oracle listeners as root. Nobody should.

So Oracle moved to port 1521, which became the de facto standard for Oracle TNS (Transparent Network Substrate) listeners worldwide.³ The twist: port 1521 was officially registered to nCube License Manager at IANA, not to Oracle. The port Oracle actually owned in the registry, they couldn't use. The port they claimed by convention, they never formally owned.

SQL*NET: Oracle's First Network Voice

SQL*NET version 1 emerged in the late 1980s as Oracle was building the infrastructure for distributed database systems.⁴ The problem it solved was fundamental: how do you let a client application on one machine talk to an Oracle database on another machine, across potentially heterogeneous networks with different protocols?

The protocol went through significant evolution. SQL*NET version 2, released with Oracle 7 in 1992, introduced TNS (Transparent Network Substrate) as its underlying layer, providing network transparency and protocol independence.⁵ By 1997, with Oracle 8, the whole stack was repackaged as Net8. By Oracle 9i in 2001, it became Oracle Net Services.

Through all of these reinventions, port 66 stayed in the IANA registry, technically assigned to a protocol that no longer existed in its original form.

Jack Haverty and the ARPANET Connection

The IANA assignment for port 66 lists Jack Haverty as the contact. Haverty wasn't just an Oracle employee. He was a protégé of J.C.R. Licklider in the early 1970s, worked on the original ARPANET, and is credited with developing early versions of FTP and one of the world's first email systems.⁶ A contemporary of Vint Cerf and Bob Kahn, Haverty later joined Oracle in the 1990s as an Internet architect, where he worked on connecting web servers to databases alongside people like Tim Berners-Lee.

There's something fitting about a pioneer of the ARPANET registering Oracle's first well-known port. The person who helped build the Internet's earliest plumbing also reserved one of its numbered doors for the world's most commercially successful database.

The IANA Registry Cleanup

In a later effort to standardize service names, IANA renamed the port 66 entry from sql*net to sql-net, because the asterisk was an illegal character in service names per RFC 6335.⁷ The original entry was marked as "historic," meaning it is not usable with many common service discovery mechanisms.

The port still sits in the registry. It has Oracle's name on it. No one uses it.

How to Check What's Listening on Port 66

Because port 66 is effectively abandoned by its original assignee, finding anything listening on it is unusual and worth investigating:

# macOS / Linux
sudo lsof -i :66
netstat -an | grep ':66 '

# Windows
netstat -an | findstr ":66 "

If something is listening on port 66 and it isn't an Oracle database from the 1980s, investigate. Unoccupied well-known ports are sometimes adopted by malware precisely because security tools don't flag them as suspicious.⁸

Security

Port 66 has been flagged in some threat databases for historical use by trojans. This doesn't mean port 66 is inherently dangerous, but it reflects a general pattern: abandoned well-known ports are attractive to malicious software because they're less likely to be monitored. A well-known port with no expected traffic is, paradoxically, the perfect place to hide unexpected traffic.

Why This Port Matters

Port 66 is a small monument to the gap between official allocation and actual use. The Internet has 65,535 ports. IANA assigns them carefully. And then the industry does whatever it wants.

Oracle abandoned port 66 for a practical reason (privilege requirements), moved to a port that belonged to someone else (1521), and that became the standard. The official registry says one thing. The running infrastructure says another. Port 66 is a reminder that the Internet's real architecture is written in practice, not in registries.