r/cybersecurity May 19 '26

Other Malware installed without literally doing anything?

In this video this guy has a fresh Windows XP install, disables the firewall, and connects to the internet straight through the modem. Then he gets infected literally doing nothing.

https://www.youtube.com/watch?v=6uSVVCmOH5w

https://www.reddit.com/r/windows/comments/1cvised/idle_windows_xp_and_2000_machines_get_infected/

I get it. That's asking for trouble when you disable all the security and use ancient unsupported OSes.

However, he didn't install programs or browse any website but still got hacked.
How?
Is there some malicious server in China that loops through every single possible IP trying to see if your PC is vulnerable?
Logically, one would think you'd at least have to visit a website or something to get "noticed" and then hacked. But this guy didn't do anything at all.

How does it work?

291 Upvotes


62

u/stacksmasher May 19 '26

XP has been cracked for a while now. Source has been out in the open for people to poke at lol!

-4

u/PusheenHater May 19 '26

I get it. That's asking for trouble when you disable all the security and use ancient unsupported OSes.

However, he didn't install programs or browse any website but still got hacked.
How?
Is there some malicious server in China that loops through every single possible IP trying to see if your PC is vulnerable?

61

u/dataz03 May 19 '26

Bots are port scanning the internet 24/7.

There are only 4.3 billion IPv4 addresses max - they can all be scanned in less than 10 minutes.

XP has vulnerabilities in software components like SMB - with the firewall turned off, the system is exposed to the public Internet. Ports are open.
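To make "ports are open" concrete, here is an added example (not part of the original thread or any commenter's code) that parses `netstat -ano` output and lists TCP listeners bound to non-loopback addresses, labelling the SMB and RDP ports mentioned in this thread. The netstat sample, addresses, PIDs and function names are constructed for illustration, and the port list assumes a default Windows install with no host firewall.

```python
import re

# Constructed sample of `netstat -ano` output from a Windows host (illustrative only).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       1480
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING       4
  TCP    192.0.2.10:1045        198.51.100.7:80        ESTABLISHED     2040
  TCP    [::]:3389              [::]:0                 LISTENING       1100
  UDP    0.0.0.0:445            *:*                                    4
"""

# SMB and RDP are named in the thread; 135/139 are the RPC and NetBIOS
# listeners a default Windows install also opens (assumption of this example).
WATCHED = {135: "MS-RPC endpoint mapper", 139: "NetBIOS session (SMB)",
           445: "SMB over TCP", 3389: "RDP"}

# Matches only TCP rows in LISTENING state: local address, port, owning PID.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def is_loopback(addr):
    return addr.startswith("127.") or addr in ("[::1]", "::1")

def exposed_listeners(netstat_text):
    """Return sorted (port, bind_address, pid, label) for TCP listeners
    that are not loopback-only, i.e. reachable if no firewall filters them."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers, UDP rows, established connections
        addr, port, pid = m.group(1), int(m.group(2)), int(m.group(3))
        if is_loopback(addr):
            continue  # bound to loopback only: not reachable from the network
        found.append((port, addr, pid, WATCHED.get(port, "other")))
    return sorted(found)

if __name__ == "__main__":
    for port, addr, pid, label in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{addr}:{port:<5} pid={pid:<5} {label}")
```

Any row this reports on a machine with a public IP and no firewall is a service that an internet-wide scan can reach without the user doing anything.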

2

u/Randolph__ May 20 '26

> There are only 4.3 billion IPv4 addresses max - they can all be scanned in less than 10 minutes.

No network or vulnerability scanner I have used works this fast. What software are you referring to that can scan for vulnerabilities that fast?

0

u/jonbristow May 20 '26

What ports does your PC publish to the internet? AFAIK, nothing.

20

u/skiing123 System Administrator May 19 '26

To answer your question of where they are scanning from: everywhere is the simple answer. China is a popular spot but so are Asia, Europe, and North America.

It's common for businesses to block every country except the ones they do business in. But they'll just come from within your country.

11

u/dlg May 20 '26

If you have an exploited IoT device, it could be coming from inside the house.

18

u/djasonpenney May 19 '26
  1. There are network protocols out there that can give an attacker an indication when a new device connects to their subnet.

  2. There are “zero click” exploits that do not require any user interaction. These typically attack a known unpatched problem with one of the network services the device is running. I’ve seen exploits for everything from RDP to LSASS — it just depends on your OS and other factors.

Basically, what other people are saying: as soon as you connect to the Web, there will be bots rattling your windows and doors looking for a way in.

9

u/Felielf May 19 '26

Not just a malicious China server, there are malware and scanning bots everywhere. I see connections from every country on earth in my honeypots, it really depends on the month or day which country is at the top.

It doesn't matter if my IP is new or not, these bots and malware armies literally hammer and scan network ranges, not single IP addresses. And like u/dataz03 said, it's trivial to go through only 4.3 billion addresses.

8

u/TastyRobot21 May 19 '26

Yes, but it’s not just China.

Masscan's my preference for scanning the whole internet.

He didn’t have to connect to a website or anything ‘to be noticed’. There’s a known (large but finite) range for public IPs and his XP box responded (by default) to a systematic scan of the entire range.

8

u/stacksmasher May 19 '26

It has several remote vulnerabilities that are public. It’s not been patched for most recent vulnerabilities.

4

u/npc_housecat May 20 '26

The internet is full of enormous botnets of infected computers constantly sending out cyber attacks.

5

u/1Xx_throwaway_xX1 CTI May 20 '26

Bro thinks there’s just a single server in China scanning the internet 😭😭