Internet-Security.com UDP port 49 details

UDP port 49 is used by the original TACACS and Cisco’s Extended TACACS (XTACACS) for network device AAA.
Cisco IOS routers and switches (and early Cisco AS5xxx access servers) were commonly configured to authenticate via TACACS/XTACACS over UDP 49.
Real server software that used UDP 49 includes Cisco’s xtacacsd (XTACACS daemon) on Unix and Livingston’s TACACS daemon used with Livingston PortMaster access servers.
Many dial‑up/remote access NAS deployments in the 1990s used UDP 49 between the NAS (e.g., Livingston PortMaster) and their TACACS/XTACACS backends.
While modern TACACS+ uses TCP 49, some environments keep legacy TACACS/XTACACS listeners on UDP 49 for backward compatibility with older gear.
Security note: legacy TACACS over UDP is unencrypted and has been targeted for credential sniffing and brute‑force attempts when exposed to the internet.

UDP 49