Nmap Development mailing list archives

Re: Most popular ports updated last


From: Esa Jokinen via dev <dev () nmap org>
Date: Sat, 19 Feb 2022 19:28:02 +0200

On Thu, 2022-02-17 at 20:03 +0000, paacman via dev wrote:
When was the last time the most popular ports were updated in the
nmap-services file? I'm wondering about the usage frequency; it shows
http is the most opened port, but I would think https is now the most
open port.


The port frequency information seems to be rather old; from Sep 5, 2008
commit 415bcdf1a64472a85b90158cf5cde8594443ef68 [1], and the open-
frequency column still has the same values for HTTP(S):

    http        80/tcp  0.484143        # World Wide Web HTTP
    http        80/udp  0.035767        # World Wide Web HTTP
    https       443/tcp 0.208669        # secure http (SSL)
    https       443/udp 0.010840

More recent statistics gathered from Shodan [2] show that HTTP is
currently open on around 19% of all public IP addresses seen by Shodan,
whereas HTTPS is open on around 15%. W3Techs reports HTTPS being the
default protocol for 78.4% of all the websites [3]. Google says that
100% of the top 100 sites work on HTTPS & 97% default to it [4].

The conspicuous difference between the statistics from port scans and
the statistics from HTTPS adoption reports can be explained with the
fact that almost every site defaulting to HTTPS still has port 80/tcp
open for HTTP to HTTPS redirection. Port scans will & should show these
ports as open, although this does not imply the sites are not protected
with TLS. The HTTP Strict Transport Security (HSTS) [5] reduces the
risk posed by an initially unencrypted connection on the 7% of the
domains that have adopted this technology by the Summer of 2019 [6].

If the open-frequency column were updated, the statistics should come
from a source that does not concentrate on HTTP(S) alone.
 
[1] https://github.com/nmap/nmap/commit/415bcdf1a64472a85b90158cf5c
[2] https://untrustednetwork.net/en/2022/01/05/open_ports_2022/#web
[3] https://w3techs.com/technologies/details/ce-httpsdefault
[4] https://transparencyreport.google.com/https/overview
[5] https://datatracker.ietf.org/doc/html/rfc6797
[6] https://hstsadoption.github.io/

Esa Jokinen @oh2fih

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
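
An added example, not part of the original message and not Nmap's own code: a small parser for the nmap-services line format quoted above that ranks ports by the open-frequency column, then re-ranks with the approximate Shodan shares the message cites. The function names are hypothetical, and treating the Shodan percentages as drop-in frequency values is an assumption made only for comparison.

```python
from typing import NamedTuple

# Constructed sample: a comment line plus the four lines quoted in the message.
SAMPLE = """\
# Fields: service name, port/protocol, open-frequency, optional comment
http        80/tcp  0.484143        # World Wide Web HTTP
http        80/udp  0.035767        # World Wide Web HTTP
https       443/tcp 0.208669        # secure http (SSL)
https       443/udp 0.010840
"""

class Entry(NamedTuple):
    service: str
    port: int
    proto: str
    freq: float
    comment: str

def parse_services(text):
    """Parse nmap-services style lines; skip blanks, comments and malformed rows."""
    entries = []
    for line in text.splitlines():
        body, _, comment = line.partition("#")
        fields = body.split()
        if len(fields) < 3 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        try:
            entries.append(Entry(fields[0], int(port), proto.lower(),
                                 float(fields[2]), comment.strip()))
        except ValueError:
            continue  # non-numeric port or frequency
    return entries

def top_ports(entries, proto, n):
    """Ports of one protocol, highest open-frequency first (ties by port number)."""
    ranked = sorted((e for e in entries if e.proto == proto),
                    key=lambda e: (-e.freq, e.port))
    return [e.port for e in ranked[:n]]

def with_updates(entries, updates):
    """Copy of entries with freq replaced for (port, proto) keys found in updates."""
    return [e._replace(freq=updates.get((e.port, e.proto), e.freq)) for e in entries]

if __name__ == "__main__":
    old = parse_services(SAMPLE)
    # Approximate Shodan shares cited in the message (assumed comparable here).
    new = with_updates(old, {(80, "tcp"): 0.19, (443, "tcp"): 0.15})
    print(top_ports(old, "tcp", 2), top_ports(new, "tcp", 2))
```

With both the 2008 values and the newer shares, 80/tcp still ranks ahead of 443/tcp; only the gap between them narrows.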

