Home page logo

Nmap Announce mailing list archives

Re: Port statistics
From: "Jonathan Day" <jd9812 () my-Deja com>
Date: Sat, 20 May 2000 21:37:04 -0700

On Sat, 20 May 2000 03:33:35   Teolicy wrote:
Hello folks,

I've been wondering if anyone gathered any
serious scale statistics for port usage.

I think this could be useful, in a number of ways.

1) Has the administrator protected vulnerable OS'?

2) Is there a risk of a vulnerability chain-reaction?

3) Regardless of "official statistics", what (in the REAL world) is the preferred platform for different servers?

IMHO, you'd really want a UDP scan, too. There has been a lot of work with securing TCP stuff, but nowhere near as much 
with UDP. (Multicasting is a good example. I honestly don't know of any multicast scanners. I'm fairly sure nmap 
doesn't do multicast, yet.)

Ideally, you'd also want to use passive scans, as there would be an indeterminate number of machines behind firewalls & 
NAT, and/or using protocols other than IPv4. (Again, I am unaware of any scanners which handle anything else. IPv6, 
IPX, DECNet and AppleTalk seem to be very lacking in scanners, despite a lot of machines using these. Also, I don't 
know of any scanners which can detect if a machine handles SKIP or IPSec.)

Routing protocols would be useful to sniff out, too. (Again, I'm unaware of any scanner that looks for these.) Nmap 
doesn't yet ID many routers, AFAIK, so being able to identify a box as such, rather than as an "unknown", would add 
useful data to a network profile.

To be honest, I think you'll probably find the following figures are going to be fairly close to the mark, for most 
sites. You'll probably also find that the most significant servers are all on the least-used OS' for that company.

Windows (some variant): 70%
Solaris (some variant): 10%
OSF/1:  5%
*BSD    (some variant):  3%
Linux:  3%
MacOS:  3%
Others:  1%

I imagine professional network auditing companies will profile their clients' networks, to identify which areas they 
can sponge off large sums of money over, but besides those, I doubt there's been any real large-scale audit of network 

#if (lawyer == PRESENT)
#include <std/disclaimer.h>
#include <std/imho.h>
#include <disown/any-interpretation.h>

--== Sent via Deja.com http://www.deja.com/ ==--
Before you buy.

  By Date           By Thread  

Current thread:
  • Port statistics Teolicy (May 20)
    • <Possible follow-ups>
    • Re: Port statistics Jonathan Day (May 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]