What’s up with port 79 ?
Scanning for BGP hosts that are vulnerable? From the ISC:
ISC reader Yew Chuan reports that he is seeing a steady increase in probes to tcp/79 (“finger”). Our own DShield sensors confirm this observation, as is visible on the image below. It’s been a while since we last had exploit attempts on tcp/79, and hardly anybody is using/running “finger” anymore these days. So .. what’s up? Anyone got packets?
Update 1330 UTC: Scanning for tcp/79 has been seen by many ISC readers, and most say the IP blocks it originated from are in China and Taiwan. No packets yet – looks like everyone has tcp/79 blocked, and only recorded the initial “SYN”.
For more info from the comments check out: ISC Diary | What’s up with port 79 ?.
Posted on June 28, 2012, in attacks, computer network, Hacking, Internet, Security, vulnerability and tagged China, High-performance computing, Internet Storm Center, ISC, Taiwan. Bookmark the permalink. Comments Off on What’s up with port 79 ?.