So, does it mean that while connected via wifi, my mac is protected by AE firewall (and there is no need to turn on os x firewall?) whereas while connected via utp cable, mac is not protected by AE firewall (and os x firewall is a must?)? Do I get it right?
Don't disable the OS X firewall. Unless a firewall is causing some sort of issue, don't disable it. The Airport Extreme has a firewall IF it's setup in DHCP/NAT mode. If it's setup in bridge mode, the firewall is off. You can use both firewalls at the same time. Most routers have some form of a hardware firewall, which works in conjuction with your Operating Systems software firewall.
When your Mac is connected to the Airport Extreme, whether via ethernet or Wi-Fi, it's traffic runs through the AE firewall. When it is connected DIRECTLY to the modem, it does not benefit from the firewall of the Airport. Hence why you may have read it's better to use your router, instead of connecting to the modem directly. This still counts wired OR wireless.
So, to conclude, use BOTH firewalls (OSX and AE), and for best security, use Airport Utility to turn off Wi-Fi on the AE, and connect to it using ethernet. This eliminates the ability for someone nearby to access your network.
It may not be any of my business, but if it's that much of an issue law enforcement should probably get involved. You hinted at behaviors that sound like stalking or harassment, these individuals also seem to be in your immediate vicinity. I don't know the details or anything like that, but if you have people actively seeking YOU DIRECTLY to access your personal information without your consent, then you need to contact law enforcement. Unless I misunderstood you and you are just wanting 'general' security because you fear someone MIGHT be, but you don't have knowledge of it.
Bear in mind finding strange IP addresses is not unusual. People will always 'try'. There are plenty of cheap-o's out there trying to steal Wi-Fi, who will attempt to connect to your network using 'common' passwords. (Lots of cable companies set up Wi-Fi routers using the customers address or last name as the Wi-Fi password, so people may try those just to see if they 'get lucky'). They aren't trying to steal information, they are just trying to bum a free ride to the internet!
Another option, if you want to keep WiFi but be a bit more secure, is to disable SSID broadcasting in Airport utility. What this does, is makes most computers not see the SSID. (Using a piece of software, you still can, but it helps eliminate most free-wifi-lurkers). When you connect via Wi-Fi, you'll have to manually connect (On OS-X, click the Wi-Fi logo on the menubar and click 'join other network'). You can then type in the name of your network manually.
However, again, if security is a concern, disabling Wi-Fi is the way to go. Although there are still risks with ANY internet connected computer. If you or your employer have very sensitive data that you have at home, often it's best to keep and use that data on a non internet connected computer if at all possible.