Hey guys, on July 14th 2024 I was sitting at home, spending time on my PC before tuning to itv to watch the Euro 2024 final. Anyway, like many of you, I have Avast Premier, build 18.8.2356, from November 15th 2018, the last XP compatible version. I've been a long time Avast user as most people probably know and I'm totally happy with it as it's still receiving up-to-date virus definitions via normal updates and streaming updates.
Anyway, the reason why I'm mentioning this is that I was pretty surprised to see a very unusual entry in the firewall that Avast reported as "Blocked":
I really suck at networking, but seeing it like this it looks like someone or something tried to RDP into my XP! Well, let's first say that I'm not dumb, so RDP is indeed disabled on my XP, so it wouldn't have led to anything anyway (probably), but this is pretty worrying. What's worse is that I can't see anything in the "Remote address", nor "Remote Port" or "Local address", so if it actually was an attacker, I don't even know who tried that. To make matters worse, I wasn't using a Public Wi-Fi or anything, I was sitting on my chair, at home, connected to my router. How is this possible? Is this a false alarm and the entry is a red herring? Or... perhaps... did someone actually try to RDP into my system? I'm confused.
I recently heard that there are bots scanning the entire IPv4 address range constantly, testing and probing every device they find for known vulnerabilities.
What I think happened, then, is that one of those must have found a vulnerability in the router firmware and it somehow managed to bypass it and connect to my XP?
What do you think?