Hi, dear Whonix team.
You are really cool and that's why I'm sure you know what to do.
Some of the Windows workstations connected to the Whonix gateway show strange behavior - the Whonix gateway traffic monitoring tool shows that there are attempts to connect to some weird URL with port zero.
Something like very-weird-looking-url:0
The firewall in the Windows workstations doesn't see it and can't block it.
How can I set up the gateway firewall to block it totally?
(On Linux and in Unix standards) Port 0 is a placeholder that tells a system to assign whatever unused port >1023 is available. There is no actual port 0 or some undefined raw socket that could let traffic slip past a firewall unnoticed.
It is also used by protocols like ICMP that don’t speak port numbers. The only harm is that it can be used in ICMP DDoS attacks to exhaust bandwidth. That’s not really a danger for Whonix because the local private connection between Gateway and Workstation is local and depends on CPU and not on your actual internet connection. Any such attack would be noticeable by you.
Windows is a different story. They are known to not follow best security practices for many things, sometimes on purpose. I don't care for Windows enough to research it. You also have bigger problems like a system keylogger that phones home behind your back and contrary to your settings. I'd advise you to migrate to Linux even if it seems difficult at first.