Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Load Balancing Servers
From: Gregor Binder <gbinder () sysfive com>
Date: Fri, 29 Sep 2000 11:47:49 +0200

Justin Schaefer on Wed, Sep 27, 2000 at 11:16:14AM -0400:

Hi,

You are entirely correct, i was just explaining the concept behind load
balancing servers. Generally this prevents users from obtainign a direct
network connection to one of the machines. However if you are testing for a
web based vulnerability for example, just treat is as one server. I havnet
found anyone yet that load balances across non identical servers. :)

Might be beyond the scope of this thread but:

Some products can do "resource-based" scheduling, that means they will
direct you to different addresses based on the content you try to
access. Requesting an image could for example result in a request to
a network appliance cache, which might be a less interesting target.
While a request for a cgi could go straight to an application server,
that possibly has direct connectivity to databases or is easier to
exploit.

I agree that the identical resources will usually be served from
identical systems. Even though many sites use different platforms,
operating systems and applications to serve different resources, even
if they use the same protocol.

  Gregor.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault