The way this information is being collected is going through considerable change and there has been a lack of updates recently. We are in the process of bringing you a live and searchable database being updated by multiple Intrusion Detection Sensors. This will cover a much wider area and also give a more realistic analysis of scans.
You may ask, what is the purpose of this page? RHP Studios would like to show you the types of scans we receive, along with our clients, on a regular basis so that other businesses/individuals can modify their firewalls accordingly. The type of information we are going to include is useful to those who manage firewalls. This information has been pulled from firewall logs, portsentry, snort, and tcp dumps. Those pulled from Portsentry are automatically blocked and the count will remain at 1.
The IP addresses identified in "Originating IP" can easily be spoofed. You can block access at the firewall/router by IP address or filter the access to the port/service. The IP information is only included to differentiate between "mass port scans" and "targeted port scans" since each port scan is logged once per occurrence. A mass port scan targets entire ranges of networked computer systems whereas a targeted port scan would target only one individual computer. This information also shows that when a new vulnerability is found, within hours the scans for these vulnerabilities start and continue regularly for some time.
If you are the owner of one of the originating IP addresses that is static, and you feel this information is in error, please notify RHP Studios immediately via the contact link. This could indicate that someone other than you "Owns" your computer. These IP addresses have shown up on more than 1 system in which we manage and feel that the information is therefore accurate.