Penetration Testing mailing list archives
Re: [PEN-TEST] Load Balancing Servers
From: Justin Schaefer <JustinS () SCREAMINGMEDIA COM>
Date: Wed, 27 Sep 2000 11:16:14 -0400
You are entirely correct, I was just explaining the concept behind load balancing servers. Generally this prevents users from obtaining a direct network connection to one of the machines. However, if you are testing for a web-based vulnerability, for example, just treat it as one server. I haven't found anyone yet that load balances across non-identical servers. :)

-Justin

-----Original Message-----
From: Jens Knoell [mailto:jens () ING TWINWAVE NET]
Sent: Wednesday, September 27, 2000 11:02 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Load Balancing Servers

From: "Justin Schaefer" <JustinS () SCREAMINGMEDIA COM>
I assume you're talking about a box such as a Cisco Local Director. These boxes basically act as a transparent bridge between two networks. Generally they are set up on an internal network and NATed to an external address. The actual site being hit from outside points to the external IP of the Local Director. The Local Director then hits the internal servers, on their internal addresses. So, if this is correct, you should not be able to hit the internal servers directly from outside. Hope that helps.

That's not entirely true... the problem is more that you cannot select which server you attack. Assuming that load balancing servers are all mirrors of each other, it shouldn't really matter what you test. Find a vulnerability/weakness on one server, and you can more or less assume you got the same problem on the mirrors too.

Jens