My personal IPs on AWS are being scanned for 3379. Apparently, this is SOCORFS, registered to one Hugo Charbonneau. This port is getting scanned a lot more often in recent months: https://isc.sans.edu/port.html?port=3379
Does anyone know what this is? It’s possible someone found a vulnerability in this protocol and we’re not yet publicly aware of it.
UPDATE: I reached out to Hugo, will update if I have information from him.
UPDATE 2: Hugo used to work at Socomar International (over 20 years ago), which was a company who built technology for ship tracking. SOCORFS may be “Soco RFS”. Socomar was dissolved in 2006 though. All content I could find online was that it’s unlikely that this company’s products are widely used today. So, there’s a good chance port 3379 is actually being used for something else, nothing related to SOCORFS.