Magic Pipe Vulnerability?

I’ve been using Comodo Firewall for several years but in the past few days there have been some very strange things happening with it. When I did a Google search on the default registry settings for Comodo I happened on this website: http://www.securiteam.com/windowsntfocus/5JP010AKUY.html. I was wondering if I might have been hit with this. I have had a lot of SQL injection attempts in the past month which I see being blocked.

I’ve had times when Comodo started to flash frequently (as if it were refreshing the screen) and then I see that some IP addresses that I’ve blocked are now deleted. When I go into the log section of Comodo, I no longer see the IP addresses that are accessing my website. I can see these IP addresses using netstat and looking at my w3svc1 log files. I’m using version 2.4.18.184.

I did a search of this forum for “Magic Pipe Vulnerability” but nothing came up. Can anyone give me any information about this? Is this something that is a possible threat? Might there be any other explanation for what is happening?

The original post is located here: http://www.matousec.com/info/advisories/Comodo-Bypassing-settings-protection-using-magic-pipe.php.

Unfortunately, I haven’t been able to compile the test.c code to try it out. Has anyone successfully done that?

Welcome.

I found some:

https://forums.comodo.com/leak_testingattacksvulnerability_research/cfp_easily_bypassed_20070801-t11187.0.html

https://forums.comodo.com/leak_testingattacksvulnerability_research/matouseccom_advisories_resolved_in_v3-t8261.0.html

https://forums.comodo.com/leak_testingattacksvulnerability_research/23681bugs_reported_on_matousec_have_they_been_fixed-t10374.0.html;msg75264#msg75264

https://forums.comodo.com/leak_testingattacksvulnerability_research/bypassing_settings_protection_in_cf-t6924.0.html

https://forums.comodo.com/cfp_beta_corner/cfp_3011246_rc1_questions_about_how_it_works-t14514.0.html;msg101954#msg101954

https://forums.comodo.com/general_discussion_off_topic_anything_and_everything/kaspersky_internet_security_602614-t7226.0.html;msg53071#msg53071

Question - Does the Comodo Firewall/Security/Network Monitor only show a set number of network control rules? I only see 1132 IDs but when I look in the registry I see a lot more. Was I wrong to assume some of the IPs that I’ve blocked have been deleted? Or rather, are they too numerous for the GUI to display?

Another question. Can V3 be installed on a Windows 2003 server as of today? If so, will all of my network control rules be preserved or do I need to do some exporting and importing into the new version?

I haven’t used CFP 2 in a long time; I don’t remember/know what you mean by 1132 IDs. It’s more appropriate to open a new thread here.

CFP 3.0 System Requirements:

Windows XP (SP2) 32 bit version
Windows XP 64 bit version
Windows Vista 32 and 64 bit versions

It’s not listed so I would say any other OS is not officially supported/compatible. Even if it worked, the 2 versions are too different for rules to export/import/apply.