When I got my cable 18 months ago, roughly half of the port scans were at common Unixish services, mainly ssh, 111, 515. The other half was mostly a search for open proxies/SOCKS and some famous backdoors. This is skewed, my provider blocks http, ftp, smtp, telnet and perhaps other ports (I suspect SMB services are now off too). Nowadays the overwhelming majority of port scans are directed at typical MS ports and windows trojans: 135, 57, 1433, 17300. There are certainly more Windows boxes online at any one point than Unixish systems, however, I still believe this shift has something to do with Windows being easier to hack, and Windows users generally being less prepared against attacks.
Slashdot Mirror
When I got my cable 18 months ago, roughly half of the port scans were at common Unixish services, mainly ssh, 111, 515. The other half was mostly a search for open proxies/SOCKS and some famous backdoors. This is skewed, my provider blocks http, ftp, smtp, telnet and perhaps other ports (I suspect SMB services are now off too).
Nowadays the overwhelming majority of port scans are directed at typical MS ports and windows trojans: 135, 57, 1433, 17300.
There are certainly more Windows boxes online at any one point than Unixish systems, however, I still believe this shift has something to do with Windows being easier to hack, and Windows users generally being less prepared against attacks.