Re: DHL connect software

From: Ansgar -59cobalt- Wiechers <bugtraq@xxxxxxxxxxxxxxxx>
Date: Wed, 28 Mar 2007 01:18:12 +0200

On 2007-03-27 Murda Mcloud wrote:

Has anyone had to install this software for their mailroom department?
DHL Connect-it allows staff to do their consignments up etc before
sending the packages through DHL.

I have found out that it uses 443 and 80 for the connection to DHL and
for updates it requires 20/21 (all outbound).

You mean the software is initiating outbound connections to the remote
ports 20/tcp, 21/tcp, 80/tcp, and 443/tcp? These are probably:

20/tcp -> FTP (active mode, data channel)
21/tcp -> FTP (active mode, command channel)
80/tcp -> HTTP
443/tcp -> HTTPS

However, if it really uses active FTP, the data channel should be
established inbound, with 20/tcp being the remote source port.

It also seems to require admin privs on the local box-and needs shared
drives if others on the LAN are to print reports from the dbase that
gets created on the workstation.

I am going to run filemon/regmon to see what kind of things it does in
terms of files and keys. Does anyone else have suggestions for what
other info to gather to test its 'secureness'?

If you're running XP or Server 2003 you could try LUABugLight [1] in
addition to Regmon/Filemon. Also, as has already been suggested, inspect
the network traffic with a sniffer (e.g. Wireshark [2]). In case the
traffic going to port 443/tcp is really HTTPS (i.e. SSL-encrypted) you
could give Paros Proxy [3] a try.

[1] http://blogs.msdn.com/aaron_margosis/archive/2006/08/07/LuaBuglight.aspx
[2] http://www.wireshark.org/
[3] http://www.parosproxy.org/

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

References:
- DHL connect software
  - From: Murda Mcloud

Prev by Date: RE: how to block web messenger services
Next by Date: RE: DHL connect software
Previous by thread: Re: DHL connect software
Next by thread: RE: DHL connect software
Index(es):
- Date
- Thread

Relevant Pages

Re: DHL connect software
... I am sure you can map the DHL terminal's services to other accounts ... via in internal FTP site instead of mapping drives. ... so I am constantly thinking about this kind of stuff. ... Connect-it allows staff to do their consignments up etc before sending the ...
(Security-Basics)
Re: DHL connect software
... Ethereal/wireshark on the host running the software and capture all traffic. ... The port 80 and 20/21 traffic is likely all clear text. ... Connect-it allows staff to do their consignments up etc before sending the ... packages through DHL. ...
(Security-Basics)
RE: DHL connect software
... poison your HOSTS file with the ip address of your malicious server so ... Subject: DHL connect software ... Connect-it allows staff to do their consignments up etc before sending the ... updates it requires 20/21. ...
(Security-Basics)
DHL connect software
... Connect-it allows staff to do their consignments up etc before sending the ... packages through DHL. ...
(Security-Basics)