It was probably an unpatched version of IIS. Remember the CodeRed worm? All you would have to do is look at your own webserver log to get a list of servers that had been compromised. After that, it would have been a trival exercise.
Or you, could have modified a copy of the worm to target a specific IP address range. Your probes would have been lost among all the other unwitting participants.
I run ZoneAlarm on my Win 98 machine at home. I know it just improves my illusion of security, but it did alert my to the fact that my ISP was regularly sending me PCAnywhere pings.
Are you using dialup or cablemodem/DSL? If it is the latter, invest about $80 in a dedicated firewall/router from someone like Linksys. I have Win2K, WinXP and Linux systems, but all of them are behind a firewall.