Penetration Testing mailing list archives
Re: [PEN-TEST] Load Balancing Servers
From: Gregor Binder <gbinder () sysfive com>
Date: Fri, 29 Sep 2000 11:47:49 +0200
Justin Schaefer on Wed, Sep 27, 2000 at 11:16:14AM -0400: Hi,
You are entirely correct, i was just explaining the concept behind load balancing servers. Generally this prevents users from obtainign a direct network connection to one of the machines. However if you are testing for a web based vulnerability for example, just treat is as one server. I havnet found anyone yet that load balances across non identical servers. :)
Might be beyond the scope of this thread but: Some products can do "resource-based" scheduling, that means they will direct you to different addresses based on the content you try to access. Requesting an image could for example result in a request to a network appliance cache, which might be a less interesting target. While a request for a cgi could go straight to an application server, that possibly has direct connectivity to databases or is easier to exploit. I agree that the identical resources will usually be served from identical systems. Even though many sites use different platforms, operating systems and applications to serve different resources, even if they use the same protocol. Gregor.
Current thread:
- [PEN-TEST] Load Balancing Servers Ian Edwards (Sep 25)
- Re: [PEN-TEST] Load Balancing Servers Blaise (Sep 25)
- [PEN-TEST] SAS70; the process and merit thereof? Craig Anderson (Sep 27)
- Re: [PEN-TEST] SAS70; the process and merit thereof? Tom Litney (Sep 27)
- Re: [PEN-TEST] SAS70; the process and merit thereof? Joe Calloway (Sep 27)
- [PEN-TEST] SAS70; the process and merit thereof? Craig Anderson (Sep 27)
- <Possible follow-ups>
- Re: [PEN-TEST] Load Balancing Servers Justin Schaefer (Sep 27)
- Re: [PEN-TEST] Load Balancing Servers Jens Knoell (Sep 27)
- Re: [PEN-TEST] Load Balancing Servers Justin Schaefer (Sep 27)
- Re: [PEN-TEST] Load Balancing Servers Gregor Binder (Sep 27)
- Re: [PEN-TEST] Load Balancing Servers Miller Scott Contr 30CS/FTI (Sep 27)
- Re: [PEN-TEST] Load Balancing Servers ollie-infosec (Sep 27)
- Re: [PEN-TEST] Load Balancing Servers Blaise (Sep 25)