Load balancing is the practice of distributing traffic across multiple servers in order to increase performance and reliability. With multiple servers offering the same resources, single points of failure are eliminated and availability is increased. Load balancers may also be set up so that users from certain geographic locations are sent to specific servers, in order to reduce latency.
Load balancing introduces some issues in penetration tests, because it interferes with the accuracy of the testing: successive requests to the same name may be answered by different machines, so a finding may apply to only one of them. This is why it’s important to establish whether load balancers are in place and, if they are, to take that into account when performing the tests and writing the report.
lbd (load balancing detector) is a Kali tool that is useful for determining the presence of load balancing.
Author: Stefan Behte
lbd (load balancing detector) detects if a given domain uses DNS and/or HTTP Load-Balancing (via Server: and Date: header and diffs between server answers).
DNS load balancing
In DNS load balancing, a name resolves to a list of IPs, any of which can respond to requests. When you request a resource you hit one of these IPs, and you need to test further to identify the exact target. If your target is example.com and 3 IPs are serving it, then when you find a vulnerability you still have to determine which of these addresses is the vulnerable one (or whether all of them are).
HTTP load balancing
One of the ways HTTP load balancing reveals itself is through cookies: the balancer sets a persistence (sticky-session) cookie so that it can keep sending a client to the same back-end server. This comes in handy in online stores and other web applications that need to identify a client and keep it on the same specific resource. lbd also compares the Server: and Date: headers of successive responses, since different back ends may run different software or have clocks that are out of sync.
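As an added example (not lbd's own code, which is a bash script), here is a small Python detector that applies the same signals lbd describes to the two cases above: DNS load balancing (a name resolving to more than one address) and HTTP load balancing (differing Server: banners, Date: headers that move backwards between consecutive answers, persistence cookies, and differing header sets). The A records and response headers are constructed sample data, and the list of persistence cookie names is a short heuristic assumption, not an exhaustive one.

```python
"""Minimal DNS/HTTP load-balancing detector in the spirit of lbd.

Added example, not lbd's own code. All input is constructed inline so the
script runs offline; in practice you would feed it the A records from a
resolver and the headers of several requests to the same URL.
"""
import re
from email.utils import parsedate_to_datetime
from typing import Dict, List

# Cookie names that common load balancers set for session persistence
# (F5 BIG-IP, AWS ELB/ALB, Azure ARR, HAProxy's documented example).
# Assumption: a short heuristic list, not exhaustive.
PERSISTENCE_COOKIE_RE = re.compile(
    r"^(BIGipServer|AWSALB|AWSELB|ARRAffinity|SERVERID)", re.IGNORECASE
)


def detect_dns_lb(a_records: List[str]) -> Dict:
    """DNS load balancing: the name resolves to more than one address."""
    ips = sorted(set(a_records))
    return {"dns_lb": len(ips) > 1, "ips": ips}


def _lower(headers: Dict[str, str]) -> Dict[str, str]:
    """Header names are case-insensitive; normalise them for comparison."""
    return {k.lower(): v for k, v in headers.items()}


def detect_http_lb(responses: List[Dict[str, str]], clock_skew_s: int = 1) -> Dict:
    """HTTP load balancing, judged from a series of responses to one URL.

    Each element is the header dict of one response, in request order.
    A single Set-Cookie per response is assumed for simplicity.
    """
    hdrs = [_lower(h) for h in responses]
    reasons = []

    # 1. Different back ends often run different server software.
    servers = {h.get("server", "<none>") for h in hdrs}
    if len(servers) > 1:
        reasons.append(f"Server header varies: {sorted(servers)}")

    # 2. Sequential requests to one machine never see its clock go backwards;
    #    a later answer dated earlier than a previous one means another clock.
    dates = [parsedate_to_datetime(h["date"]) for h in hdrs if "date" in h]
    for earlier, later in zip(dates, dates[1:]):
        if (earlier - later).total_seconds() > clock_skew_s:
            reasons.append("Date header went backwards between consecutive answers")
            break

    # 3. A persistence cookie is the balancer pinning us to one back end.
    cookies = {
        h["set-cookie"].split("=", 1)[0].strip() for h in hdrs if "set-cookie" in h
    }
    sticky = sorted(c for c in cookies if PERSISTENCE_COOKIE_RE.match(c))
    if sticky:
        reasons.append(f"persistence cookie(s): {sticky}")

    # 4. Diff the remaining header names: a back end that adds e.g.
    #    X-Powered-By while its siblings don't stands out.
    names = [frozenset(k for k in h if k not in ("date", "set-cookie")) for h in hdrs]
    if len(set(names)) > 1:
        reasons.append("set of response headers differs between answers")

    return {"http_lb": bool(reasons), "reasons": reasons}


# Constructed sample data (not real captures); RFC 5737 test addresses.
SAMPLE_A_RECORDS = ["192.0.2.10", "192.0.2.11", "192.0.2.10"]

SAMPLE_RESPONSES = [
    {"Server": "nginx", "Date": "Mon, 01 Jan 2024 12:00:00 GMT",
     "Set-Cookie": "BIGipServerpool_web=1234.5678.0000; path=/"},
    {"Server": "Apache", "Date": "Mon, 01 Jan 2024 11:59:55 GMT",
     "Set-Cookie": "BIGipServerpool_web=1234.5678.0000; path=/",
     "X-Powered-By": "PHP/8.2"},
    {"Server": "nginx", "Date": "Mon, 01 Jan 2024 12:00:02 GMT",
     "Set-Cookie": "BIGipServerpool_web=1234.5678.0000; path=/"},
]

SINGLE_SERVER_RESPONSES = [
    {"Server": "nginx", "Date": "Mon, 01 Jan 2024 12:00:00 GMT"},
    {"Server": "nginx", "Date": "Mon, 01 Jan 2024 12:00:01 GMT"},
]

if __name__ == "__main__":
    print(detect_dns_lb(SAMPLE_A_RECORDS))
    print(detect_http_lb(SAMPLE_RESPONSES))
    print(detect_http_lb(SINGLE_SERVER_RESPONSES))
```

The Date check deliberately tolerates a second of skew, because the Date header has one-second resolution; tighten or loosen `clock_skew_s` for the target. As with lbd, a positive result means "more than one machine answers this name", not "all of them are identical", so each address found still has to be tested on its own.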
Let’s now check a bunch of domains and see what load balancers we can find, if any.
- DNS and HTTP load balancing
- HTTP load balancing
- no load balancing
- When testing load-balanced systems, you can try accessing them by IP instead of by name, so that each back end is exercised individually; for virtual-hosted sites you will need to keep the Host header set to the original name, or the server may serve a different site (be advised that firewalls might flag this as suspicious activity).
To learn more about load balancing and pentesting, check out this SANS paper