Nmap Announce mailing list archives
Re: Port statistics
From: "Jonathan Day" <jd9812 () my-Deja com>
Date: Sat, 20 May 2000 21:37:04 -0700
On Sat, 20 May 2000 03:33:35 Teolicy wrote:
Hello folks, I've been wondering if anyone gathered any serious scale statistics for port usage.
<snip> I think this could be useful, in a number of ways. 1) Has the administrator protected vulnerable OS'? 2) Is there a risk of a vulnerability chain-reaction? 3) Regardless of "official statistics", what (in the REAL world) is the preferred platform for different servers? IMHO, you'd really want a UDP scan, too. There has been a lot of work with securing TCP stuff, but nowhere near as much with UDP. (Multicasting is a good example. I honestly don't know of any multicast scanners. I'm fairly sure nmap doesn't do multicast, yet.) Ideally, you'd also want to use passive scans, as there would be an indeterminate number of machines behind firewalls & NAT, and/or using protocols other than IPv4. (Again, I am unaware of any scanners which handle anything else. IPv6, IPX, DECNet and AppleTalk seem to be very lacking in scanners, despite a lot of machines using these. Also, I don't know of any scanners which can detect if a machine handles SKIP or IPSec.) Routing protocols would be useful to sniff out, too. (Again, I'm unaware of any scanner that looks for these.) Nmap doesn't yet ID many routers, AFAIK, so being able to identify a box as such, rather than as an "unknown", would add useful data to a network profile. To be honest, I think you'll probably find the following figures are going to be fairly close to the mark, for most sites. You'll probably also find that the most significant servers are all on the least-used OS' for that company. Windows (some variant): 70% Solaris (some variant): 10% OSF/1: 5% *BSD (some variant): 3% Linux: 3% MacOS: 3% Others: 1% I imagine professional network auditing companies will profile their clients' networks, to identify which areas they can sponge off large sums of money over, but besides those, I doubt there's been any real large-scale audit of network composition. #if (lawyer == PRESENT) #include <std/disclaimer.h> #include <std/imho.h> #include <disown/any-interpretation.h> #endif --== Sent via Deja.com http://www.deja.com/ ==-- Before you buy.
Current thread:
- Port statistics Teolicy (May 19)
- <Possible follow-ups>
- Re: Port statistics Jonathan Day (May 20)