What’s up with port 79 ?

Scanning for BGP hosts that are vulnerable?  From the ISC:

ISC reader Yew Chuan reports that he is seeing a steady increase in probes to tcp/79 (“finger”). Our own DShield sensors confirm this observation, as is visible on the image below. It’s been a while since we last had exploit attempts on tcp/79, and hardly anybody is using/running “finger” anymore these days. So .. what’s up? Anyone got packets?

Update 1330 UTC: Scanning for tcp/79 has been seen by many ISC readers, and most say the IP blocks it originated from are in China and Taiwan. No packets yet – looks like everyone has tcp/79 blocked, and only recorded the initial “SYN”.

For more info from the comments check out:  ISC Diary | What’s up with port 79 ?.


About brvanlanen

Just a thirty-something guy currently hanging it up in the greater Green Bay area. My post-high school educational background is mainly in the Information Technology field. Specifically I have an A.A.S. in Computer Network Systems and a B.S. in Information Systems Security, both from ITT Technical Institute, in addition to A and MCDST certifications. In my free time I enjoy spending time with my family, cooking and sports. My Christian faith is also important to me as a Missouri-Synod Lutheran and all my children attend a Lutheran grade school. When it comes to political leanings I am a conservative first and foremost which you will discover rather quickly. As for sports I am a huge fan of the Green Bay Packers.

Posted on June 28, 2012, in attacks, computer network, Hacking, Internet, Security, vulnerability and tagged , , , , . Bookmark the permalink. Comments Off on What’s up with port 79 ?.

Comments are closed.

%d bloggers like this: