Home page logo
/

basics logo Security Basics mailing list archives

Re: DHL connect software
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Wed, 28 Mar 2007 01:18:12 +0200

On 2007-03-27 Murda Mcloud wrote:
Has anyone had to install this software for their mailroom department?
DHL Connect-it allows staff to do their consignments up etc before
sending the packages through DHL.

I have found out that it uses 443 and 80 for the connection to DHL and
for updates it requires 20/21 (all outbound).

You mean the software is initiating outbound connections to the remote
ports 20/tcp, 21/tcp, 80/tcp, and 443/tcp? These are probably:

 20/tcp -> FTP (active mode, data channel)
 21/tcp -> FTP (active mode, command channel)
 80/tcp -> HTTP
443/tcp -> HTTPS

However, if it really uses active FTP, the data channel should be
established inbound, with 20/tcp being the remote source port.

It also seems to require admin privs on the local box-and needs shared
drives if others on the LAN are to print reports from the dbase that
gets created on the workstation.

I am going to run filemon/regmon to see what kind of things it does in
terms of files and keys. Does anyone else have suggestions for what
other info to gather to test its 'secureness'?

If you're running XP or Server 2003 you could try LUABugLight [1] in
addition to Regmon/Filemon. Also, as has already been suggested, inspect
the network traffic with a sniffer (e.g. Wireshark [2]). In case the
traffic going to port 443/tcp is really HTTPS (i.e. SSL-encrypted) you
could give Paros Proxy [3] a try.

[1] http://blogs.msdn.com/aaron_margosis/archive/2006/08/07/LuaBuglight.aspx
[2] http://www.wireshark.org/
[3] http://www.parosproxy.org/

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault