Penetration Testing mailing list archives
RE: [PT] Load Balancers?
From: "James Williams" <jwilliams () mail wtamu edu>
Date: Wed, 5 Oct 2005 08:42:23 -0500
They have multiple PTR (reverse lookups) records for that particular IP Address in their DNS. To verify this do a nslookup on the ip address multiple times and you should see the same pattern. James Williams, GISF Network Systems Technician -----Original Message----- From: BSK [mailto:bishan4u () yahoo co uk] Sent: Tuesday, October 04, 2005 3:35 AM To: pen-test () securityfocus com Subject: [PT] Load Balancers? Dear All, I'm doing a Blackbox PT for one of our clients, for their website. I noticed a scenario which I would like to discuss with you and get your opinion. I got their IP by pinging the website address. I cancelled the first ping and executed the second ping immediately. The resolved address remains the same but the domain name changes. Below are the sample results, with real names changed: # ping dummy.com PING www.dummy.com (xxx.xxx.xxx.xxx) 56(84) bytes of data 64 bytes from www.dummy.com (xxx.xxx.xxx.xxx): icmp_seq=0 ttl=109 time=351 ms # ping dummy.com PING pummy.net (xxx.xxx.xxx.xxx) 56(84) bytes of data 64 bytes from pummy.net (xxx.xxx.xxx.xxx): icmp_seq=0 ttl=109 time=351 ms # ping dummy.com PING www.suffy.cc (xxx.xxx.xxx.xxx) 56(84) bytes of data 64 bytes from www.suffy.cc (xxx.xxx.xxx.xxx): icmp_seq=0 ttl=109 time=351 ms When I repeat the same process for pummy.net, I get same results. I think its a server collocation or load balancing done on xxx.xxx.xxx.xxx. All dummy.com, suffy.cc and pummy.net show the same website when seen thru the web browser. Await your inputs. Thanks, Bshan ___________________________________________________________ How much free photo storage do you get? Store your holiday snaps for FREE with Yahoo! Photos http://uk.photos.yahoo.com ------------------------------------------------------------------------ ------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ------------------------------------------------------------------------ ------- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- [PT] Load Balancers? BSK (Oct 05)
- Re: [PT] Load Balancers? Jerome Athias (Oct 05)
- Re: [PT] Load Balancers? Thierry Zoller (Oct 05)
- <Possible follow-ups>
- RE: [PT] Load Balancers? James Williams (Oct 05)