i was reading this paper and part of it confused me about port scanning and stuff. it said:

On 27 April, at 00:13 hours, our network was scanned by the system 1Cust174.tnt2.long-branch.nj.da.uu.net for several vulnerabilities, including imap. Our intruder came in noisy, as every system in the network was probed.

Apr 27 00:12:25 mozart imapd[939]: connect from 208.252.226.174
Apr 27 00:12:27 bach imapd[1190]: connect from 208.252.226.174
Apr 27 00:12:30 vivaldi imapd[1225]: connect from 208.252.226.174
how could he scan every system on the network from outside the network? if the computers on the internet are connected to the internet, wouldnt they have to be behind some kind of router or hub that would make it impossible for him to scan them from outside?

heres the page: http://project.honeynet.org/papers/enemy3/