RE: DHL connect software

---

• From: "J.M. Seitz" <lists@xxxxxxxxxxxx>
• Date: Tue, 27 Mar 2007 16:20:48 -0800

---

Well are you looking to test the security of the product, or do you want to
know what privileges it runs at? If you want to test it to determine if it
has a vulnerability do the following:

1) setup a malicious HTTP or FTP server (fuzzer).
2) poison your HOSTS file with the ip address of your malicious server so
update.dhl.com now points to it.
3) continually force the software to look for updates, etc. and see if it
blows up :)

Let us know how it goes!

JS

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Murda Mcloud
Sent: Monday, March 26, 2007 7:43 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: DHL connect software


Hi all,
Has anyone had to install this software for their mailroom department? DHL
Connect-it allows staff to do their consignments up etc before sending the
packages through DHL.

I have found out that it uses 443 and 80 for the connection to DHL and for
updates it requires 20/21 (all outbound).

It also seems to require admin privs on the local box-and needs shared
drives if others on the LAN are to print reports from the dbase that gets
created on the workstation.

I am going to run filemon/regmon to see what kind of things it does in terms
of files and keys. Does anyone else have suggestions for what other info to
gather to test its 'secureness'?

There doesn't to seem to be too much by way of documentation.

---

• References:
  • DHL connect software
    • From: Murda Mcloud

• Prev by Date: Re: DHL connect software
• Next by Date: Re: DHL connect software
• Previous by thread: Re: DHL connect software
• Next by thread: Re: DHL connect software
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: DHL connect software ... DHL Connect-it allows staff to do their consignments up etc before ... 443/tcp -> HTTPS ... However, if it really uses active FTP, the data channel should be ... (Security-Basics) Re: Windows XP Malicious Updates ... ??|>> problems with updates. ... DHL>> OK. ... I reread your original post. ... Windows Updates and you called these updates malicious. ... (microsoft.public.windowsxp.help_and_support) Re: Windows XP Malicious Updates ... David wrote to James Silverton on Thu, ... Under "Widows XP Malicious Updates", ... DHL> OK. ... I'd be grateful if you could expand the last statement since I do not understand the role of the cache in this updating process nor was I aware that I had changed the system in any way.. ... (microsoft.public.windowsxp.help_and_support) Re: DHL connect software ... I am sure you can map the DHL terminal's services to other accounts ... via in internal FTP site instead of mapping drives. ... so I am constantly thinking about this kind of stuff. ... Connect-it allows staff to do their consignments up etc before sending the ... (Security-Basics) Re: DHL connect software ... Ethereal/wireshark on the host running the software and capture all traffic. ... The port 80 and 20/21 traffic is likely all clear text. ... Connect-it allows staff to do their consignments up etc before sending the ... packages through DHL. ... (Security-Basics)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)