Re: DHL connect software

[Tremaine Lea <security-basics () ddiction com>]

Ethereal/wireshark on the host running the software and capture all  
traffic.  The port 80 and 20/21 traffic is likely all clear text.   
The port 442 traffic is *likely* encrypted.


---

Tremaine Lea
Network Security Consultant

Be in pursuit of equality, but not at the expense of excellence.


On 26-Mar-07, at 9:43 PM, Murda Mcloud wrote:

> Hi all,
> Has anyone had to install this software for their mailroom  
> department? DHL
> Connect-it allows staff to do their consignments up etc before  
> sending the
> packages through DHL.
>
> I have found out that it uses 443 and 80 for the connection to DHL  
> and for
> updates it requires 20/21 (all outbound).
>
> It also seems to require admin privs on the local box-and needs shared
> drives if others on the LAN are to print reports from the dbase  
> that gets
> created on the workstation.
>
> I am going to run filemon/regmon to see what kind of things it does  
> in terms
> of files and keys. Does anyone else have suggestions for what other  
> info to
> gather to test its 'secureness'?
>
> There doesn't to seem to be too much by way of documentation.