Last Updated: 2012-06-27 13:42:43 UTC
by Daniel Wesemann (Version: 2)
ISC reader Yew Chuan reports that he is seeing a steady increase in probes to tcp/79 ("finger"). Our own DShield sensors confirm this observation, as is visible in the image below. It's been a while since we last had exploit attempts on tcp/79, and hardly anybody is using or running "finger" anymore these days. So... what's up? Anyone got packets?
Update 1330 UTC: Scanning for tcp/79 has been seen by many ISC readers, and most say the IP blocks it originated from are in China and Taiwan. No packets yet - looks like everyone has tcp/79 blocked and only recorded the initial "SYN".