Port scans don't always precede network hacks

12.12.2005

The assumption that network port scans are a precursor to attempted hacks into computers may be flawed, according to research from the University of Maryland's A. James Clark School of Engineering.

An analysis of quantitative attack data gathered by the university over a two-month period shows that port scans precede attacks only about 5 percent of the time, said Michel Cukier, a professor in the Center for Risk and Reliability at the engineering school. The results of the research were released publicly last week.

In fact, more than half of all attacks aren't preceded by a scan of any kind, Cukier said.

"There's been a lot of discussion in the security community about whether a port scan portends an attack or not," he said. "The goal of the research is to find a link between port scans and an attack."

Fact or fiction?

Port scans are generally believed to be used by attackers to discover open or closed ports and unused network services to exploit. Large increases in scans against a particular port have long been viewed as a signal of impending attacks against that port.