Comodo Firewall Vulnerability (Port 0)
I was doing today a routine security check on my system. I tend to do these things once a month or so, time permitting. I discovered a Comodo Firewall security hole associated with Port 0.
A little background:
Port 0 was supposed to be a non-existing port. An invalid port, or at best a reserved port. However manually made networks packets were always considered well-formed even if targeting or originating from port 0. This because, I think, the original idea was to use port 0 as a wildcard port. Meaning any connection targeting port 0 would allow the client machine network interface to choose any available port "Hey, I have this packet here. It specifies port 0. You choose which port you want this to come in. Just sign here."
Of course, good intentions have been paving the road to hell. And Port 0, while remaining an obscure, and unsupported in most cases, feature is a real port.
Today at least one application actively uses Port 0 based connections for what it is not intended for. That application is iTunes (another security and system stability nightmare people like to install and thus ruin their quiet lives. All because they can't listen to their music anymore on a music player, or at least rip their own music).
Back to Comodo:
Port 0 is a valid (if reserved) port. If I have no application on my windows machine actively listening on this port, it will report as being closed to anyone scanning my ports.
And therein lies the rub. A port scan on my machine that includes port 0 will identify my machine and ruin the idea behind stealth ports (closed ports that don't answer back when scanned). So, while Comodo says it offers full stealth mode, it fails doing so on port 0.
Imagine a Radar on your screen. On every sweep of the radar, the hacker is looking for a bunch of IP addresses and scanning their ports. All is silent for a while. The Radar sweaps on your green screen in that circular fashion only radars know how to. It's moments like this that make the internet look like a very lonely place. But suddenly... a very faint bleep. It was my computer saying "Hey! I'm here".
This happens because Comodo Firewall isn't allowing you to set Port 0 in your firewall rules. Despite what it says, you cannot create a rule based on port 0.
The only exception are range-based rules. If you create a rule where you limit access to a range of ports and that range starts at 0, the rule will take effect as intended. But you can't do that most of the time. Port numbers are more often defined individually.
What's worse, Comodo Firewall apparently also ignores port 0 incoming or outgoing connections if a rule doesn't exist blocking it (and the only rule that could was a range-based rule). That is, you will not get a popup on any connections involving Port 0.
To make sure of this, I used ShieldsUp Port Probe. You can also use ShieldsUp to scan all your ports and witness with your own eyes Port 0 "closed" stats, instead of "stealth".
If you are using Comodo Firewall like me, or have also confirmed your firewall doesn't support Port 0 based rules, you can try and setup your modem/router firewall, if it comes with a firewall. Many home users on ADSL and Cable modem/routers do come equipped with firewalls and many of them allow you to set port-based rules.