Security Vulnerability Attempt on blocked port

[David Manson 0]

Received the below Security Vulnerability Exploitation attempt but confused as the server sits in Azure with all traffic blocked by the NSG inbound so cannot see why ESET alerting for this (Known Bad) IP for this attempt.

Can anyone explain or seen similar alerts that do not make sense?

Just concerned that something has even attempted to exploit this server as it has no inbound ports open.

 

Network Vulnerability Alert on server.domain.local

Computer Name: server.domain.local

Username:

Timestamp: 1/15/22, 7:27:12 AM UTC

Severity: Warning

Event: Security vulnerability exploitation attempt

Threat Name: EsetIpBlacklist

Process Name:

Protocol: TCP

Inbound Communication: yes

Source Address: 220.249.167.16

Source Port: 52,183

Target Address: 10.1.0.5

Target Port: 1,433

 

This message was sent by ESET PROTECT

[Marcos 5,071]

My understanding is that the communication first goes through ESET's firewall and only then it's evaluated by NSG which would account for ESET's detections.

[David Manson 0]

Thanks for the reply but I do not understand how that could be, the traffic should hit the NSG First and be blocked and ESET should never see it as the communication is inbound.