Some script-kiddies think they can hack a Linux server using old MS WebDav/NetBios vulnerabilities.
what are you talking about?
Linux Server > Netbios ?
its DFIND scanner, on port 80 , not netbios port.
OP: Its a random port scan by some kid/bot, you can ignore it.
Just keep your server up to date and apply all needed security settings / patches for all your software.
keep a good password policy - and you should be safe.
It's a NetBios/Webdav vulnerabily scanner. The w00tw00t scan on port 80 is just a harmless HTTP banner scan to get the webserver name as it is looking for IIS servers.
It can look for open proxies too, but in that case the request is different (POST request to googlesyndication.com).
★ NinjaFirewall : Web Application Firewall for PHP and WordPress.
★ NinjaMonitoring : Monitor your website for suspicious activities.