Penetration Testing mailing list archives

Re: [PEN-TEST] Load Balancing Servers


From: Gregor Binder <gbinder () sysfive com>
Date: Fri, 29 Sep 2000 11:47:49 +0200

Justin Schaefer on Wed, Sep 27, 2000 at 11:16:14AM -0400:

Hi,

You are entirely correct, I was just explaining the concept behind load
balancing servers. Generally this prevents users from obtaining a direct
network connection to one of the machines. However, if you are testing for a
web based vulnerability for example, just treat it as one server. I haven't
found anyone yet that load balances across non identical servers. :)

Might be beyond the scope of this thread but:

Some products can do "resource-based" scheduling, that means they will
direct you to different addresses based on the content you try to
access. Requesting an image could for example result in a request to
a network appliance cache, which might be a less interesting target,
while a request for a CGI could go straight to an application server
that possibly has direct connectivity to databases or is easier to
exploit.

I agree that identical resources will usually be served from
identical systems, even though many sites use different platforms,
operating systems and applications to serve different resources, even
if they use the same protocol.

  Gregor.
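
An added illustration of the resource-based scheduling described in the message above (not code from the post or from any load-balancing product): a first-match content-switching table for one virtual address, and a scoping check that reports which backend pools a set of tested paths never reaches. The rule patterns, pool names and paths are constructed assumptions.

```python
from collections import defaultdict
from fnmatch import fnmatchcase

# Constructed content-switching rules for one virtual IP; first match wins.
# Patterns and pool names are hypothetical, not taken from any product.
RULES = [
    ("/cgi-bin/*", "app-servers"),      # dynamic content
    ("*.gif", "cache-appliance"),       # static images
    ("*.jpg", "cache-appliance"),
    ("*", "web-farm"),                  # everything else
]


def pool_for(path, rules=RULES):
    """Return the backend pool chosen for a request path, or None."""
    path = path.split("?", 1)[0]  # this model routes on the path only
    for pattern, pool in rules:
        if fnmatchcase(path, pattern):
            return pool
    return None


def coverage(tested_paths, rules=RULES):
    """Group tested paths by pool and list the pools none of them reach."""
    reached = defaultdict(list)
    for path in tested_paths:
        reached[pool_for(path, rules)].append(path)
    all_pools = {pool for _, pool in rules}
    untested = sorted(all_pools - set(reached))
    return dict(reached), untested


if __name__ == "__main__":
    # Constructed list of paths covered by an assessment of the virtual IP.
    tested = ["/index.html", "/images/logo.gif", "/about.html"]
    reached, untested = coverage(tested)
    for pool, paths in reached.items():
        print(f"{pool}: {paths}")
    print("pools with no tested path:", untested)
```

Rule order matters: a path such as `/cgi-bin/banner.gif` matches the first rule and goes to the application servers, not the cache.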

