I just checked. The only presence of this feature in the Bash man page is under REDIRECTION with the following, as the fifth and sixth elements of the list:
/dev/tcp/host/port
If host is a valid hostname or Internet address, and port is an integer
port number or service name, bash attempts to open the corresponding
TCP socket.
/dev/udp/host/port
If host is a valid hostname or Internet address, and port is an integer
port number or service name, bash attempts to open the corresponding
UDP socket.
It's not a feature with a large documentation footprint. I've known about it for a while, but mostly only in the context of security too. I have wondered whether the majority use of this feature is to provide hacked network shells before. It's probably a feature that never should have been added, though I understand the initial appeal.
It's a terrible "feature". Not only is it poorly documented (as noted) and redundant to common shell utilities (like nc), it's also implemented in a way that confusingly implies that it's part of the operating system. (And if your OS ever implemented a "real" /dev/tcp, I suspect that this Bash feature would make it inaccessible.)
We've used it for simple health ping scripts before in systems where bash is the only language guaranteed to be available and compiling a binary was overkill.
I've also used it to issue Redis and other text based protocol commands without having to have a large runtime or library.
But in both those scenarios the environment was pretty restrictive.
