A SOC team is investigating a recent, targeted social engineering attack on multiple employees. Cross-correlated log analysis revealed that two hours before the attack, multiple assets received requests on TCP port 79. Which action should be taken by the SOC team to mitigate this attack?
TCP port 79 is associated with the Finger protocol, which can be exploited for gathering information about users on a network. To mitigate the risk from this attack, it is advisable to configure the affected devices to disable the Finger service, thereby preventing attackers from obtaining detailed user information through this protocol.
he correct answer is D. Configure affected devices to disable the Finger service. TCP port 79 is associated with the Finger protocol, which is a service that is commonly used by attackers to gather information about users and assets. The best way to mitigate this attack is to disable the Finger service on affected devices to prevent further reconnaissance by attackers. It is also recommended to investigate the source of the requests on TCP port 79 to identify any potential indicators of compromise and further harden the organization's security posture. - ChatGPT
D as por TCP 79 refers to Finger