So my router has IDS / IPS (detects threats on the network and blocks them). A few weeks ago, I saw that an IP was trying to connect to port 4433 on the LAN IP of my computer on my home network. I thought I fucked up somewhere and installed something bad, so I completely reinstalled Windows. I got another alert later the same night that another connection attempt was made. I had only installed the most basic programs (Chrome, Spotify, Discord, Bitwarden), and was still getting them. I made a firewall rule to block any incoming connections to port 4433. I also added it to the deny list so that IP specifically could not connect as well. I just got another alert today that a new connection to port 4433 was made. But how and why?? I have port 4433 blocked completely on WAN In and WAN Out. Also I haven't even installed any new software since making those rules either. I noticed that my computer turned on at weird times like 5 am, and that's when the threats were logged also, so I correlated them together. Note that I got the alert just now while my computer was on already.
This is the firewall rule I've made to drop any incoming connections to port 4433.
With these rules, am I safe? I have it so it will block it rather than just alert me, and made those firewall rules. They might have a list of infected computers and change the IP out occasionally. Do you think if I got another IP that these attacks would stop? This is what they look like
only posting here because steven and wild are here lol ok bye