Network Zones - Home #1 Home #2 - IPv6 issue.

[CISfan]

After CIS Firewall installation and after using CIS for a while CIS automatically created two Network Zones being "Home #1" and "Home #2". Both Network Zones contain one IPv4 address and one IPv6 address.

Both the IPv4 addresses (so one IPv4 address in Home #1 and one IPv4 address in Home #2) are normal local / link-local addresses being 192.168.xxx.xxx and 169.254.xxx.xxx. No problem there.

However there is an issue with the assigned IPv6 addresses in the created Network Zones.
Network Zone Home #1 contains an IPv6 address which is a NON local IPv6 address (address not revealing here)
Network Zone Home #2 contains an IPv6 address which IS a local IPv6 address being fe80::/10.

So my question is: What is CIS trying to accomplish by adding a NON local IPv6 address to Network Zone Home #1 and just allowing applications to connect In and Out to the internet without the user knowing?

It doesn't feel safe when CIS assigns a NON local IPv6 address to a Home Network Zone, so what is happening here?

[CISfan]

Addition:

The issue happens with CIS Premium V12.2.2.8012 and with CIS Firewall V12.2.3.8026

[Eric Cryptid]

Not experiencing this at my end.

Try removing the network zones apart from loopback.
Untick the Do not show popup alerts and treat location as...
Ensure IPv6 Firewall Filtering is enabled and run Stealth Ports wizard to have IPv6 rule.
Re-starting should show the pop-up for your network.

Speaking of which, ensure you have the ICMP rules:
Add the following ICMPv6 rules to the global rules section, choose ICMP for protocol and then go to ICMP details tab and use ICMPv6 Type from drop down list.
Packet too big
Time Exceeded
Custom and use Type 134 code 0
Custom and use Type 135 code 0
Custom and use Type 136 code 0
 
The custom rules are for neighbour solicitation and router advertisement which are needed for IPv6 to work if you have Stealth Ports - block all enabled.

[CISfan]

Thanks for your suggestion.

Meanwhile as another test, I imported a fresh default Firewall Security configuration file (taken from C:\Program Files\COMODO\COMODO Internet Security directory) into CIS than restarted the system and did wait a little for the Home Network Zones to be created (playing around with some apps to trigger network connections).
Now the same issue happens again, again a NON local IPv6 address is listed in Home #1 next to a local IPv4 192.168.xxx.xxx address.

Of course one can work around this issue but key point here is that CIS, with a default config, assign a NON local IPv6 address automatically to a Home Network Zone which it should not do because it causes security issues.


EDIT: Oh I forgot to mention, with the default config the "Filter IPv6 traffic" setting is disabled and yet a IPv6 address is added to a Home Network Zone? 

BUG !

[Eric Cryptid]

Do you use a VPN or other gateway?

I only get local when I do the same.

Yes, it still gets added but IPv6 isn't filtered unless that is activated.

[CISfan]

Nope, not using a VPN (did never install a VPN on my system) or other gateway. Using a normal plain ISP router/modem connection.

When I use a "What's My IP" tool on the internet I do see that same IPv6 address. . . creepy.

It still gets added even when IPv6 filtering is off?
How can it be added when IPv6 filtering is off? Is the "Filter IPv6 Traffic" setting not a CIS global on/off IPv6 filter switch?
I would expect this setting to switch IPv6 filtering completely on or off.

[Eric Cryptid]

It could be that if your using both ethernet and wifi and/or connecting to another device that may be the cause.

I thought it detected your IPv6 address no matter what but I automatically enable it out of habit when I install CIS/CF I'm not 100% sure or certain.

My router (Sky) acts as a gateway and is my DNS so I can't replicate at my end but I'll let someone else jump in who has time to experiment or investigate further. Big week ahead and other things on at the moment.

[CISfan]

Home #1 and Home #2 are assigned to Firewall rule System. If I would know what exes/processes/services belong to System I could maybe trace back what is happening.

ok understand, thanks so far.

[CISfan]

Steps to reproduce the bug:

1) Import a default Firewall Security configuration file (from C:\Program Files\COMODO\COMODO Internet Security directory)
2) Activate the imported config file.
3) Go to "Advanced Settings -> Firewall -> Network Zones" and untick the setting "Do not show popup alerts and treat location as".
4) Click OK button to close the Advanced Settings window.
5) Leave all other CIS setting at default.
6) Restart system and log on to desktop.
7) Leave the desktop idle for a while (do nothing).
8) After a while the CIS "Network Detected" Alert pops up for IPv4 address 192.168.xxx.xxx
9) Select "I am at Home" in the "Network Detected" Alert popup.
10) Go again to "Advanced Settings -> Firewall -> Network Zones" and unfold "Home #1". "Home #1" contains the IPv4 address for which the "Network Detected" Alert popup was raised but there is also that IPv6 NON local address again for which there was no "Network Detected" Alert popup raised!!!

Clearly a bug and a security hazard.

[CISfan]

The issue occurs with and is reproducible with:

- CIS Pro (Firewall only) V12.2.3.8026
- CIS Premium (Firewall only) V12.2.2.8012
- CIS Premium (Firewall only) V12.0.0.6882

Other versions were not tested.

Tested on Windows 7 Ultimate 64-bit.

[CISfan]

I've even tried to create multiple Firewall rules for application "System" with

Action : Ask
Protocol : "Created rules for all available options"
Direction : In or Out
Source / Destination Address and Ports : Any.

and removed both Home #1 and Home #2 Firewall rules from "System" and moved the "System" Firewall rule (with all the Ask rules) to the top of the Firewall rules list and than restarted the system.

After restart and desktop logon Firewall started popping up many Firewall Alerts for application "System" (as expected) but none of these Firewall Alert popups did show that same IPv6 address that is being added to the Home #1 Network Zone. After all "System" Firewall Alert popups were answered I checked the Network Zones Home #1 (I did remove Home #1 and Home #2 before system restart) and found that the IPv6 address was again added to Home #1 (as said, without any Firewall Alert popping up for that IPv6 address). IPv4 address 192.168.xxx.xxx was also added to Home #1 again and for that IPv4 address a "System" Firewall Alert did popup.

So were does this IPv6 address which is being added each time to Home #1 come from?

[C.O.M.O.D.O RT]

I've even tried to create multiple Firewall rules for application "System" with

Action : Ask
Protocol : "Created rules for all available options"
Direction : In or Out
Source / Destination Address and Ports : Any.

and removed both Home #1 and Home #2 Firewall rules from "System" and moved the "System" Firewall rule (with all the Ask rules) to the top of the Firewall rules list and than restarted the system.

After restart and desktop logon Firewall started popping up many Firewall Alerts for application "System" (as expected) but none of these Firewall Alert popups did show that same IPv6 address that is being added to the Home #1 Network Zone. After all "System" Firewall Alert popups were answered I checked the Network Zones Home #1 (I did remove Home #1 and Home #2 before system restart) and found that the IPv6 address was again added to Home #1 (as said, without any Firewall Alert popping up for that IPv6 address). IPv4 address 192.168.xxx.xxx was also added to Home #1 again and for that IPv4 address a "System" Firewall Alert did popup.

So were does this IPv6 address which is being added each time to Home #1 come from?

Hi CISfan,

Thank you for reporting, we are checking on this.

Thanks
C.O.M.O.D.O RT

[CISfan]

Hi CISfan,

Thank you for reporting, we are checking on this.

Thanks
C.O.M.O.D.O RT

Hello C.O.M.O.D.O RT,

Thank you kindly.

[CISfan]

Computer IPv6 address is being exposed in the Home #1 Network Zone.
Application "System" (svchost) is able to establish Home #1 local IPv4 connections In or Out and can also establish NON LOCAL connections to the internet In or Out via the exposed IPv6 address.
Firewall Network Zones Detection creates an NON LOCAL IPv6 leak in Home #1, this is serious matter.

[CommodoUser2019]

Are you sure you are looking at the filter IPv6 setting correctly? I would think it just means that Comodo would be inspecting IPv6 traffic just as it would IPv4. If you have IPv6 turned on in network settings, then websites would be able to detect your IPv6 address as they would your IPv4 address. To prevent them from detecting your IPv6, you would need to turn off IPv6 in networking or use a proxy/vpn no?