Port statistics

["Teolicy" <teolicy () mindless com>]

Hello folks,

I've been wondering if anyone gathered any serious scale statistics for port
usage.

Does anyone know which port is "the most open port" over various platforms?
Would such a research be useful for anyone?
Would it be useful to separately scan various OSs and architectures, then
scan a network and be able to say (with statistical accuracy) that "this net
probably has 57% Windows NT boxes and 23% Solaris' 18% Linux and 2% other"?
(uhm, I mean, would it be useful and realistic, that is :)

This 'scan' should (ATMPOV) use vanilla TCP connect, because this is a kind
of "fingerprinting" that might have to be done across OS-detection-breaking
devices (filters and firewalls of sorts).

I know it sounds very far fetched, but in my experience, a network has a
small number of "favored" servers that the admins deal with and harden, and
then "the rest of the gang", which are usually vanilla or almost vanilla
stations out-of-the-box.

It would sometimes (well, OK, in my case) be useful to know what mix of
hosts there is on the network, possibly being able to better understand it's
structure and vulnerabilities from a limited point of view (behind
filtering).

Such statistical analysis can be done by simply scanning many vanilla OS's
out-of-the-box and then placing the information in a small file to examine
while scanning, but it could also (and it would be better) gathered via a
wide-scale scan (ALA BASS).

 - Teolicy