Comodo SSTS 配置教程及 CFP 3.0.25.378 个人 LeakTest 小型补测

eLiT3CH_KSP

翻开 Comodo FWC Records PDF, 大家可以看见 CMD 3.0.22 没有完全通过的 Test 有 5 个:

perftcp, perfudp, sss, sss4, socksnif

那么新版的表现会怎么样? 本人做了下面的测试.

注意事项:
1. 由于测试方法是由文档琢磨而来, 至于能不能跟官方完全一样, 就不知道了. 不过从测试结果来看大家可能会挺高兴, 这个是后话.
2. 由于 perftcp, perfudp 需要两台机器, 此处略过

SSTS For Comodo 配置教程

做测试之前首先与大家分享一下测试 COMODO 的方法, 方法正确方能真正的从测试中学到东西. 胡乱测试不仅会让自己和大家受蒙蔽, 自己还学到了错误的方法, 那是有百害而无一利的 :D

打开 Matousec 的 Test Suite. 大家可能看到了很多目录下都有一个 ssts.conf 文件, 原始内容如下:

1. 
   
2. #
   
3. # This is configuration file for Security Software Testing Suite.
   
4. #
   
5. # You are advised to read this file carefully and modify these settings before testing.
   
6. #
   
7. #
   
8. # Every line that starts with '#' is ignored. Blank lines are ignored.
   
9. # Every line that contains '=' defines a variable. The last line must be blank.
   
10. #
    
11. 
    
12. 
    
13. #
    
14. # The URL is used mostly by leak-tests. It contains the protocol, the domain and the location
    
15. # of the target web page that is to be accessed by the test.
    
16. #
    
17. url=http://www.matousec.com/projects/firewall-challenge/test.php
    
18. 
    
19. 
    
20. #
    
21. # The domain is used mostly by leak-tests. It is a DNS name of the Internet server that is to be accessed.
    
22. # The second level domain (domain2nd) should contain only two parts separated by a dot.
    
23. #
    
24. domain=www.matousec.com
    
25. domain2nd=matousec.com
    
26. 
    
27. 
    
28. #
    
29. # The target web page is used mostly by leak-tests. It describes the location of the target web page
    
30. # on the server that is specified by domain or IP.
    
31. #
    
32. page=/projects/firewall-challenge/test.php
    
33. 
    
34. 
    
35. #
    
36. # TCP/UDP IP address and target TCP/UDP port specify the target Internet server
    
37. # for some TCP/UDP oriented tests, mostly leak-tests.
    
38. #
    
39. ip_tcp=89.185.231.11
    
40. port_tcp=80
    
41. 
    
42. ip_udp=192.168.1.1
    
43. port_udp=53
    
44. 
    
45. 
    
46. #
    
47. # Raw IP address is used by some leak-tests that does not use TCP or UDP
    
48. # for a communication with the Interet server.
    
49. #
    
50. ip_raw=89.185.231.11
    
51. 
    
52. 
    
53. #
    
54. # IP address of the local interface is used by some spying tests.
    
55. #
    
56. ip_loc=192.168.1.1
    
57. 
    
58. 
    
59. #
    
60. # IP address of the peer is used by some performance tests.
    
61. # The peer is usually a server that helps measuring the performance.
    
62. # The client usually runs on the tested computer.
    
63. # The port specifies on which port the server listens.
    
64. # The buffer size specifies the size of a buffer to be sent.
    
65. # The count specifies a number of buffers of the given size to be sent.
    
66. #
    
67. peer_ip_tcp=192.168.1.1
    
68. peer_port_tcp=2222
    
69. peer_buf_size_tcp=1048576
    
70. peer_buf_cnt_tcp=500
    
71. 
    
72. peer_ip_udp=192.168.1.1
    
73. peer_port_udp=2222
    
74. peer_buf_size_udp=1400
    
75. peer_buf_cnt_udp=200000
    
76. 
    
77. 
    
78. #
    
79. # Data are used mostly by leak-tests.
    
80. # Short data (data46) may contain at most 46 characters.
    
81. # The data are usually encoded and appended to the URL with a delimiter.
    
82. #
    
83. data=I have failed the test
    
84. data46=I have failed the test
    
85. data_delimiter=?
    
86. 
    
87. 
    
88. #
    
89. # The pattern is searched among the incoming/read/received data.
    
90. # If the pattern is found it usually means that the attack was successful.
    
91. # pattern_net is used mostly by leak-tests.
    
92. # pattern_sniff is used by some spying tests.
    
93. #
    
94. pattern_net=YOUR SYSTEM FAILED THIS TEST
    
95. pattern_sniff=QWERTY
    
96. 
    
97. 
    
98. #
    
99. # The list of important processes, usually the processes of the tested product.
    
100. # The first line determines the number of the processes in the list.
     
101. # Then the names of the processes follows.
     
102. # This list must be modified before testing.
     
103. #
     
104. processes=3
     
105. important.exe
     
106. fwprocess.exe
     
107. fwsvc.exe
     
108. 
     
109. 
     
110. #
     
111. # The list of important services and drivers, usually those that belong to the tested product.
     
112. # The first line determines the number of the services and drivers in the list.
     
113. # Then the names of the services and drivers follows.
     
114. # This list must be modified before testing.
     
115. #
     
116. services=2
     
117. FwDriver
     
118. FwService
     
119. 
     
120. 
     
121. #
     
122. # This line must be modified before testing.
     
123. # If you modify its value to "I agree" you do proclaim that
     
124. #   1) you do understand the purpose of this testing suite,
     
125. #   2) you have modified the settings properly to made your tests relevant,
     
126. #   3) you do understand that it may damage your system or data,
     
127. #   4) you do agree with the licence that is available in the original package
     
128. #      of SSTS in licence.txt file.
     
129. #
     
130. agreement=
     
131. 
     

复制代码

首先带有 "#" 的行是注释, 空行可以忽略, 那么其实这个文件真正起作用的部分只有很少. 这里我从末尾开始叙述:
1.
agreement=
这个是一个开关, 只有后面为 I Agree 的时候, 测试工具才能起作用

2.
services=2
FwDriver
FwService
这个是防火墙的服务数量和服务表, COMODO 防火墙需要修改, 具体的我会在后面阐述

3.
processes=3
important.exe
fwprocess.exe
fwsvc.exe
这个是防火墙的活动进程数量和进程表, COMODO 防火墙需要修改, 具体的我会在后面阐述

4.
pattern_net=YOUR SYSTEM FAILED THIS TEST
pattern_sniff=QWERTY
这个是做 socksnif 测试时必须用到的参数, 其中的 "QWERTY" 可以修改成任何你想查询的单词. socksnif 测试开始后, 你便可以通过在搜索引擎中搜索这词组的方式来测试

5.
data=I have failed the test
data46=I have failed the test
data_delimiter=?
这个无需修改

6.
peer_ip_tcp=192.168.1.1
peer_port_tcp=2222
peer_buf_size_tcp=1048576
peer_buf_cnt_tcp=500

peer_ip_udp=192.168.1.1
peer_port_udp=2222
peer_buf_size_udp=1400
peer_buf_cnt_udp=200000
这些参数是在 perfxxx 的两个测试中用到的. 在测试时, 两个 ip 地址需要修改为本机的 ip 地址
注意, 127.0.0.1 和 169.x.x.x 是不允许用的.

7.
ip_tcp=89.185.231.11
port_tcp=80

ip_udp=192.168.1.1
port_udp=53

ip_raw=89.185.231.11

ip_loc=192.168.1.1
做测试时, 192.168.1.1 需要修改为本机的 ip 地址, 注意事项同上.

8. 最后是上面的 matousec 地址, 一般不需修改

经过修改后, 我做测试的 ssts.conf 文件大致如下 (我做测试时的 ip 是 220.113.122.80).

这里需注意的是, 每个目录下的 ssts.conf 文件是一样的, 也就是你可以把一个修改好了的文件到处粘贴而无需再次费神手动修改. 另外一个就是 ssts.conf 的最后一行貌似必须是空行. 这个在手册中有.

1. 
   
2. #
   
3. # This is configuration file for Security Software Testing Suite.
   
4. #
   
5. # You are advised to read this file carefully and modify these settings before testing.
   
6. #
   
7. #
   
8. # Every line that starts with '#' is ignored. Blank lines are ignored.
   
9. # Every line that contains '=' defines a variable. The last line must be blank.
   
10. #
    
11. 
    
12. 
    
13. #
    
14. # The URL is used mostly by leak-tests. It contains the protocol, the domain and the location
    
15. # of the target web page that is to be accessed by the test.
    
16. #
    
17. url=http://www.matousec.com/projects/firewall-challenge/test.php
    
18. 
    
19. 
    
20. #
    
21. # The domain is used mostly by leak-tests. It is a DNS name of the Internet server that is to be accessed.
    
22. # The second level domain (domain2nd) should contain only two parts separated by a dot.
    
23. #
    
24. domain=www.matousec.com
    
25. domain2nd=matousec.com
    
26. 
    
27. 
    
28. #
    
29. # The target web page is used mostly by leak-tests. It describes the location of the target web page
    
30. # on the server that is specified by domain or IP.
    
31. #
    
32. page=/projects/firewall-challenge/test.php
    
33. 
    
34. 
    
35. #
    
36. # TCP/UDP IP address and target TCP/UDP port specify the target Internet server
    
37. # for some TCP/UDP oriented tests, mostly leak-tests.
    
38. #
    
39. ip_tcp=89.185.231.11
    
40. port_tcp=80
    
41. 
    
42. ip_udp=220.113.122.80
    
43. port_udp=53
    
44. 
    
45. 
    
46. #
    
47. # Raw IP address is used by some leak-tests that does not use TCP or UDP
    
48. # for a communication with the Interet server.
    
49. #
    
50. ip_raw=89.185.231.11
    
51. 
    
52. 
    
53. #
    
54. # IP address of the local interface is used by some spying tests.
    
55. #
    
56. ip_loc=220.113.122.80
    
57. 
    
58. 
    
59. #
    
60. # IP address of the peer is used by some performance tests.
    
61. # The peer is usually a server that helps measuring the performance.
    
62. # The client usually runs on the tested computer.
    
63. # The port specifies on which port the server listens.
    
64. # The buffer size specifies the size of a buffer to be sent.
    
65. # The count specifies a number of buffers of the given size to be sent.
    
66. #
    
67. peer_ip_tcp=220.113.122.80
    
68. peer_port_tcp=2222
    
69. peer_buf_size_tcp=1048576
    
70. peer_buf_cnt_tcp=500
    
71. 
    
72. peer_ip_udp=220.113.122.80
    
73. peer_port_udp=2222
    
74. peer_buf_size_udp=1400
    
75. peer_buf_cnt_udp=200000
    
76. 
    
77. 
    
78. #
    
79. # Data are used mostly by leak-tests.
    
80. # Short data (data46) may contain at most 46 characters.
    
81. # The data are usually encoded and appended to the URL with a delimiter.
    
82. #
    
83. data=I have failed the test
    
84. data46=I have failed the test
    
85. data_delimiter=?
    
86. 
    
87. 
    
88. #
    
89. # The pattern is searched among the incoming/read/received data.
    
90. # If the pattern is found it usually means that the attack was successful.
    
91. # pattern_net is used mostly by leak-tests.
    
92. # pattern_sniff is used by some spying tests.
    
93. #
    
94. pattern_net=YOUR SYSTEM FAILED THIS TEST
    
95. pattern_sniff=kafan
    
96. 
    
97. 
    
98. #
    
99. # The list of important processes, usually the processes of the tested product.
    
100. # The first line determines the number of the processes in the list.
     
101. # Then the names of the processes follows.
     
102. # This list must be modified before testing.
     
103. #
     
104. processes=2
     
105. cfp.exe
     
106. cmdagent.exe
     
107. 
     
108. 
     
109. #
     
110. # The list of important services and drivers, usually those that belong to the tested product.
     
111. # The first line determines the number of the services and drivers in the list.
     
112. # Then the names of the services and drivers follows.
     
113. # This list must be modified before testing.
     
114. #
     
115. services=1
     
116. cmdAgent
     
117. 
     
118. 
     
119. #
     
120. # This line must be modified before testing.
     
121. # If you modify its value to "I agree" you do proclaim that
     
122. #   1) you do understand the purpose of this testing suite,
     
123. #   2) you have modified the settings properly to made your tests relevant,
     
124. #   3) you do understand that it may damage your system or data,
     
125. #   4) you do agree with the licence that is available in the original package
     
126. #      of SSTS in licence.txt file.
     
127. #
     
128. agreement=I agree
     
129. 
     

复制代码

SSS / SSS4 / SOCKSNIF 实测

首先是 sss. 在开始后我们被注销然后重新登入, 这里 COMODO 有了提示:


block 之, 查看日志, PASS


sss4 的过程类似, COMODO 同样 PASS


sss 系列的测试, CFP 全线 PASS. 解放军同志可以安心了 (kidding, lol)

最后是 socksnif,


这里要注意的是在开始测试后, 不要按照它的提示按任意键. 否则会提示 PASS (假的).

此时打开 IE 浏览器 (不要用世界之窗, 否则会 PASS), 输入我们在 ssts.conf 中设置的 kafan... 结果比较遗憾... 额...

综述

通过此次测试, 我们惊喜的发现 COMODO 又多 PASS 了两项测试. 那么按照评分标准的话, 这两项测试可以将COMODO 的总成绩提高 2% - 4%. 如果 perfXXX 的两项测试还有提高的话, COMODO 很可能将回到积分榜第一的位置上, Cheers!

(全文完)

-------------------------
编辑一下, 补个个人预测, 下一版毛豆的 Matousec Test 的成绩可能会是 98% ± 1%
大家也猜猜无妨

[ 本帖最后由 clemond 于 2008-8-2 18:20 编辑 ]

某某猫

好文好文
难得上来一看就看到了

huai168an

学习了

eLiT3CH_KSP

难得被你一上来就被看哦 :D

PS: 惭愧惭愧, 要开学了, 等闲下来我研究一个更完全的 SSTS 配置表再补在这

polly5771

高手啊.....

先支持再学习

huai168an

那我补充支持了

PS：看不懂 慢慢磕了

feiren

毛豆果然强,可惜没中文啊
LZ能测下vista下的吗?我想看下

淡青呀有

支持下.

qcqyt

晕看不懂。只能选择支持了。

炎翼

看的一脸的迷茫~~~收藏慢慢看