-{ Quote: "Port scanning, the practice of sniffing for computers with unprotected and open ports, isn't much of a harbinger of an attack, a University of Maryland researcher said Monday.

Michel Cukier, an assistant professor at the College Park, Maryland-based school, said that contrary to common thought, few port scans actually result in an attack. In fact, only about five percent of attacks are preceded by port scans alone.
" }-

Story (http://www.techweb.com/showArticle.jhtml?articleID=174918358)

5% seems like a big number to me. :/

and 0,05 % (of the 5 %) attacks are successfull.

Are that 1, 10 or 1000000 successfull attacks a year ??
;D

-{ Quote: "Rather than counting the number of packets in a connection, it's far more important to look at the content when classifying a connection as a port scan or an attack, Ullrich said." }-

Schneier on Security (http://www.schneier.com/blog/archives/2005/12/are_port_scans.html)

One reason (mentioned in the comments in Schneier's blog) is that attackers are getting smarter with port scans - either doing them well in advance of the main attack or spreading them over time and via different addresses to avoid being identified as scans. They are still important as a first step (like scouting the terrain before a military attack) but identifying them will become much more difficult, requiring analysis of traffic patterns over a longer period (days or even weeks).